Index: lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java
===================================================================
diff -u -r96033f32ff880d045b4c087f52628d233dc98095 -re1247e4495087eea41d597f90365d50b5b104b19
--- lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java (.../ObjectExtractor.java) (revision 96033f32ff880d045b4c087f52628d233dc98095)
+++ lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java (.../ObjectExtractor.java) (revision e1247e4495087eea41d597f90365d50b5b104b19)
@@ -96,6 +96,7 @@
 import org.lamsfoundation.lams.util.DateUtil;
 import org.lamsfoundation.lams.util.FileUtil;
 import org.lamsfoundation.lams.util.JsonUtil;
+import org.lamsfoundation.lams.util.ValidationUtil;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ArrayNode;
@@ -331,13 +332,20 @@ if ((learningDesign != null) && (learningDesign.getCopyTypeID() != null) && !learningDesign.getCopyTypeID().equals(copyTypeID) && !learningDesign.getEditOverrideLock()) { throw new ObjectExtractorException( - "Unable to save learning design. Cannot change copy type on existing design."); + "Unable to save learning design. Cannot change copy type on existing design."); } if (!copyTypeID.equals(LearningDesign.COPY_TYPE_NONE) && !learningDesign.getEditOverrideLock()) { - throw new ObjectExtractorException("Unable to save learning design. Learning design is read-only"); + throw new ObjectExtractorException("Unable to save learning design. Learning design is read-only"); } learningDesign.setCopyTypeID(copyTypeID); + learningDesign.setTitle(JsonUtil.optString(ldJSON, AuthoringJsonTags.TITLE)); + if (!ValidationUtil.isLearningDesignNameValid(learningDesign.getTitle())) { + throw new ObjectExtractorException( + "Unable to save learning design. Learning design title contains forbidden characters: " + + learningDesign.getTitle()); + } + learningDesign.setWorkspaceFolder(workspaceFolder); learningDesign.setUser(user); String contentFolderID = JsonUtil.optString(ldJSON, AuthoringJsonTags.CONTENT_FOLDER_ID); @@ -379,7 +387,6 @@ learningDesign.setValidDesign(JsonUtil.optBoolean(ldJSON, AuthoringJsonTags.VALID_DESIGN, false)); learningDesign.setLearningDesignUIID(JsonUtil.optInt(ldJSON, AuthoringJsonTags.LEARNING_DESIGN_UIID)); learningDesign.setDescription(JsonUtil.optString(ldJSON, AuthoringJsonTags.DESCRIPTION)); - learningDesign.setTitle(JsonUtil.optString(ldJSON, AuthoringJsonTags.TITLE)); learningDesign.setMaxID(JsonUtil.optInt(ldJSON, AuthoringJsonTags.MAX_ID)); learningDesign.setReadOnly(JsonUtil.optBoolean(ldJSON, AuthoringJsonTags.READ_ONLY)); learningDesign.setDateReadOnly( 
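Review bot: In the `@@ -331` hunk the title is written to the entity with `learningDesign.setTitle(...)` before it is validated, and the rejected value is then concatenated into the `ObjectExtractorException` message. The value is refused precisely because it may contain markup characters, so any log viewer or error page that renders the message unescaped will show the raw input; I would read it into a local first (`String title = JsonUtil.optString(ldJSON, AuthoringJsonTags.TITLE);`), call `learningDesign.setTitle(title)` only after the check passes, and drop `+ learningDesign.getTitle()` from the message. The activity title check in the `@@ -969` hunk has the same shape (`activity.setTitle(...)` followed by `+ activity.getTitle()`). The enclosing methods start and end outside both hunks, so whether the entity is already attached to a session at this point cannot be seen here.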
@@ -969,6 +976,12 @@ activity.setDescription(JsonUtil.optString(activityDetails, AuthoringJsonTags.DESCRIPTION)); activity.setTitle(JsonUtil.optString(activityDetails, AuthoringJsonTags.ACTIVITY_TITLE)); + if (!ValidationUtil.isLearningDesignNameValid(activity.getTitle())) { + throw new ObjectExtractorException( + "Unable to save learning design. Activity title contains forbidden characters: " + + activity.getTitle()); + } + activity.setXcoord(getCoord(activityDetails, AuthoringJsonTags.XCOORD)); activity.setYcoord(getCoord(activityDetails, AuthoringJsonTags.YCOORD)); Index: lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java =================================================================== diff -u -rdc55e4ca32068d759a3ef59c619f92d28d3b7d8d -re1247e4495087eea41d597f90365d50b5b104b19 --- lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java (.../ValidationUtil.java) (revision dc55e4ca32068d759a3ef59c619f92d28d3b7d8d) +++ lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java (.../ValidationUtil.java) (revision e1247e4495087eea41d597f90365d50b5b104b19) @@ -62,6 +62,8 @@ private final static Pattern REGEX_PASSWORD_CHARATERS_ALLOWED = Pattern .compile("^[A-Za-z0-9\\d`~!@#$%^&*\\(\\)_\\-+={}\\[\\]\\\\|:\\;\\\"\\'\\<\\>,.?\\/]*$"); + private final static Pattern REGEX_LEARNING_DESIGN_NAMES = Pattern.compile("^[^<>^*@%$]*$"); + private static BreachDatabase TOP_100K_PASSWORDS_DB = null; /** 
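Review bot: `REGEX_LEARNING_DESIGN_NAMES` in the `@@ -62` hunk is a denylist (`^[^<>^*@%$]*$`), so quotes, `&`, backticks, control characters and line breaks all still pass, and there is no length bound. That is enough to mirror the client-side validator, but it should not be read as making titles safe to emit without output encoding, for instance inside an HTML attribute. I would add a comment on the constant, e.g. `// Denylist mirroring nameValidator in authoringGeneral.js; not a substitute for output encoding where titles are rendered.` The constant is named for learning designs while the `@@ -969` hunk also applies it to activity titles, which the comment could mention.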
@@ -166,18 +168,13 @@
 if (user == null || StringUtils.isBlank(password)) {
 return true;
 }
- if (user.getUserId() != null && password.equals(user.getUserId().toString())) {
+ if ((user.getUserId() != null && password.equals(user.getUserId().toString()))
+ || (StringUtils.isNotBlank(user.getLogin()) && password.equalsIgnoreCase(user.getLogin().trim()))) {
 return false;
 }
- if (StringUtils.isNotBlank(user.getLogin()) && password.equalsIgnoreCase(user.getLogin().trim())) {
+ if ((StringUtils.isNotBlank(user.getEmail()) && password.equalsIgnoreCase(user.getEmail().trim())) || (StringUtils.isNotBlank(user.getFirstName()) && password.equalsIgnoreCase(user.getFirstName().trim()))) {
 return false;
 }
- if (StringUtils.isNotBlank(user.getEmail()) && password.equalsIgnoreCase(user.getEmail().trim())) {
- return false;
- }
- if (StringUtils.isNotBlank(user.getFirstName()) && password.equalsIgnoreCase(user.getFirstName().trim())) {
- return false;
- }
 if (StringUtils.isNotBlank(user.getLastName()) && password.equalsIgnoreCase(user.getLastName().trim())) {
 return false;
 }
@@ -321,4 +318,12 @@
 // check min words limit is reached
 return (wordCount >= minWordsLimit);
 }
+
+ /**
+ * Checks if LD's and activities' titles are valid.
+ * Mirrors regex set in nameValidator in authoringGeneral.js
+ */
+ public static boolean isLearningDesignNameValid(String name) {
+ return ValidationUtil.isRegexMatches(ValidationUtil.REGEX_LEARNING_DESIGN_NAMES, name);
+ }
 }
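Review bot: The compound conditions in the `@@ -166` hunk make this password-versus-profile check harder to audit: user id and login are folded into one `if`, email and first name into another written on a single very long line, and last name is left on its own. Behaviour looks unchanged from the removed lines, but keeping one attribute per `if` as before, or routing each attribute through a small private helper that takes the password and one profile value, would keep it obvious that every field is still compared. The method starts and ends outside the hunk.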
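Review bot: `isLearningDesignNameValid` in the `@@ -321` hunk does not say what happens for a `null` or blank name, and both new callers pass `getTitle()` straight from `JsonUtil.optString`, which presumably yields `null` when the key is missing. `isRegexMatches` is not visible in this diff, so whether that case returns false, returns true or throws cannot be confirmed here. I would state it in the Javadoc with a `@param name` line covering the null case and `@return true if the name contains none of the characters < > ^ * @ % $`. The Javadoc could also note that this server-side check is the authoritative one, since the JavaScript validator it mirrors can be bypassed by a client.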