diff --git a/src/lib/Hydra/Controller/Jobset.pm b/src/lib/Hydra/Controller/Jobset.pm
index 4dc90094..fa968ef3 100644
--- a/src/lib/Hydra/Controller/Jobset.pm
+++ b/src/lib/Hydra/Controller/Jobset.pm
@@ -221,7 +221,7 @@ sub updateJobset {
     my ($c, $jobset) = @_;
 
     my $jobsetName = trim $c->request->params->{"name"};
-    error($c, "Invalid jobset name: $jobsetName") unless $jobsetName =~ /^[[:alpha:]][\w\-]*$/;
+    error($c, "Invalid jobset name: ‘$jobsetName’") if $jobsetName !~ /^$jobsetNameRE$/;
 
     my ($nixExprPath, $nixExprInput) = nixExprPathFromParams $c;
 
@@ -298,13 +298,13 @@ sub clone_submit : Chained('jobset') PathPart('clone/submit') Args(0) {
     requireProjectOwner($c, $jobset->project);
     requirePost($c);
 
-    my $newjobsetName = trim $c->request->params->{"newjobset"};
-    error($c, "Invalid jobset name: $newjobsetName") unless $newjobsetName =~ /^[[:alpha:]][\w\-]*$/;
+    my $newJobsetName = trim $c->request->params->{"newjobset"};
+    error($c, "Invalid jobset name: $newJobsetName") unless $newJobsetName =~ /^[[:alpha:]][\w\-]*$/;
 
-    my $newjobset;
+    my $newJobset;
     txn_do($c->model('DB')->schema, sub {
-        $newjobset = $jobset->project->jobsets->create(
-            { name => $newjobsetName
+        $newJobset = $jobset->project->jobsets->create(
+            { name => $newJobsetName
             , description => $jobset->description
             , nixexprpath => $jobset->nixexprpath
             , nixexprinput => $jobset->nixexprinput
@@ -314,14 +314,14 @@ sub clone_submit : Chained('jobset') PathPart('clone/submit') Args(0) {
             });
 
         foreach my $input ($jobset->jobsetinputs) {
-            my $newinput = $newjobset->jobsetinputs->create({name => $input->name, type => $input->type});
+            my $newinput = $newJobset->jobsetinputs->create({name => $input->name, type => $input->type});
             foreach my $inputalt ($input->jobsetinputalts) {
                 $newinput->jobsetinputalts->create({altnr => $inputalt->altnr, value => $inputalt->value});
             }
         }
     });
 
-    $c->res->redirect($c->uri_for($c->controller('Jobset')->action_for("edit"), [$jobset->project->name, $newjobsetName]));
+    $c->res->redirect($c->uri_for($c->controller('Jobset')->action_for("edit"), [$jobset->project->name, $newJobsetName]));
 }
 
 
diff --git a/src/lib/Hydra/Controller/JobsetEval.pm b/src/lib/Hydra/Controller/JobsetEval.pm
index 76c85feb..ebfc49be 100644
--- a/src/lib/Hydra/Controller/JobsetEval.pm
+++ b/src/lib/Hydra/Controller/JobsetEval.pm
@@ -32,13 +32,17 @@ sub view : Chained('eval') PathPart('') Args(0) {
     # Allow comparing this evaluation against the previous evaluation
     # (default), an arbitrary evaluation, or the latest completed
     # evaluation of another jobset.
-    if (defined $compare && $compare =~ /^\d+$/) {
-        $eval2 = $c->model('DB::JobsetEvals')->find($compare)
-            or notFound($c, "Evaluation $compare doesn't exist.");
-    } elsif (defined $compare && $compare =~ /^($jobNameRE)$/) {
-        my $j = $c->stash->{project}->jobsets->find({name => $compare})
-            or notFound($c, "Jobset $compare doesn't exist.");
-        $eval2 = getLatestFinishedEval($c, $j);
+    if (defined $compare) {
+        if ($compare =~ /^\d+$/) {
+            $eval2 = $c->model('DB::JobsetEvals')->find($compare)
+                or notFound($c, "Evaluation $compare doesn't exist.");
+        } elsif (defined $compare && $compare =~ /^($jobsetNameRE)$/) {
+            my $j = $c->stash->{project}->jobsets->find({name => $compare})
+                or notFound($c, "Jobset $compare doesn't exist.");
+            $eval2 = getLatestFinishedEval($c, $j);
+        } else {
+            notFound($c, "Unknown comparison source ‘$compare’.");
+        }
     } else {
         ($eval2) = $eval->jobset->jobsetevals->search(
             { hasnewbuilds => 1, id => { '<', $eval->id } },
diff --git a/src/lib/Hydra/Controller/Project.pm b/src/lib/Hydra/Controller/Project.pm
index 0b600d41..18597942 100644
--- a/src/lib/Hydra/Controller/Project.pm
+++ b/src/lib/Hydra/Controller/Project.pm
@@ -119,6 +119,8 @@ sub create_submit : Path('/create-project/submit') {
 
     my $projectName = trim $c->request->params->{name};
     
+    error($c, "Invalid project name: ‘$projectName’") if $projectName !~ /^$projectNameRE$/;
+
     txn_do($c->model('DB')->schema, sub {
         # Note: $projectName is validated in updateProject,
         # which will abort the transaction if the name isn't
@@ -152,6 +154,8 @@ sub create_jobset_submit : Chained('project') PathPart('create-jobset/submit') A
     
     my $jobsetName = trim $c->request->params->{name};
 
+    error($c, "Invalid jobset name: ‘$jobsetName’") if $jobsetName !~ /^$jobsetNameRE$/;
+
     txn_do($c->model('DB')->schema, sub {
         # Note: $jobsetName is validated in updateProject, which will
         # abort the transaction if the name isn't valid.
@@ -168,7 +172,7 @@ sub create_jobset_submit : Chained('project') PathPart('create-jobset/submit') A
 sub updateProject {
     my ($c, $project) = @_;
     my $projectName = trim $c->request->params->{name};
-    error($c, "Invalid project name: " . ($projectName || "(empty)")) unless $projectName =~ /^[[:alpha:]][\w\-]*$/;
+    error($c, "Invalid project name: ‘$projectName’") if $projectName !~ /^$projectNameRE$/;
     
     my $displayName = trim $c->request->params->{displayname};
     error($c, "Invalid display name: $displayName") if $displayName eq "";
diff --git a/src/lib/Hydra/Helper/CatalystUtils.pm b/src/lib/Hydra/Helper/CatalystUtils.pm
index 80c391ab..a58c9c38 100644
--- a/src/lib/Hydra/Helper/CatalystUtils.pm
+++ b/src/lib/Hydra/Helper/CatalystUtils.pm
@@ -13,7 +13,7 @@ our @EXPORT = qw(
     requireLogin requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
     trim
     getLatestFinishedEval
-    $pathCompRE $relPathRE $relNameRE $jobNameRE $systemRE
+    $pathCompRE $relPathRE $relNameRE $projectNameRE $jobsetNameRE $jobNameRE $systemRE
     @buildListColumns
 );
 
@@ -181,12 +181,14 @@ sub getLatestFinishedEval {
 
 
 # Security checking of filenames.
-Readonly our $pathCompRE => "(?:[A-Za-z0-9-\+\._][A-Za-z0-9-\+\._]*)";
-Readonly our $relPathRE  => "(?:$pathCompRE(?:/$pathCompRE)*)";
-Readonly our $relNameRE  => "(?:[A-Za-z0-9-][A-Za-z0-9-\.]*)";
-Readonly our $attrNameRE => "(?:[A-Za-z_][A-Za-z0-9_]*)";
-Readonly our $jobNameRE  => "(?:$attrNameRE(?:\\.$attrNameRE)*)";
-Readonly our $systemRE   => "(?:[a-z0-9_]+-[a-z0-9_]+)";
+Readonly our $pathCompRE    => "(?:[A-Za-z0-9-\+\._][A-Za-z0-9-\+\._]*)";
+Readonly our $relPathRE     => "(?:$pathCompRE(?:/$pathCompRE)*)";
+Readonly our $relNameRE     => "(?:[A-Za-z0-9-][A-Za-z0-9-\.]*)";
+Readonly our $attrNameRE    => "(?:[A-Za-z_][A-Za-z0-9_]*)";
+Readonly our $projectNameRE => "(?:[A-Za-z_][A-Za-z0-9-_]*)";
+Readonly our $jobsetNameRE  => "(?:[A-Za-z_][A-Za-z0-9-_]*)";
+Readonly our $jobNameRE     => "(?:$attrNameRE(?:\\.$attrNameRE)*)";
+Readonly our $systemRE      => "(?:[a-z0-9_]+-[a-z0-9_]+)";
 
 
 1;