diff --git a/HISTORY b/HISTORY
index 533dc76..6fc193f 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1,3 +1,7 @@
+= 3.1.2 / 2016-06-21
+
+ * Add stricter validation on group and feature names to prevent whitespace being entered.
+
 = 3.1.1 / 2016-02-16
 
  * Move the Bandiera codebase into the `springernature` organisation and update the copyright.
diff --git a/lib/bandiera/api_v1.rb b/lib/bandiera/api_v1.rb
index 6542ff0..bdba253 100644
--- a/lib/bandiera/api_v1.rb
+++ b/lib/bandiera/api_v1.rb
@@ -134,7 +134,7 @@ def render_json(data)
     end
 
     def with_valid_feature_params(feature, inc_option_params_in_error = false)
-      if valid_params?(feature)
+      if valid_feature_params?(feature)
         yield
       else
         error_msg = "Invalid parameters, required params are { 'feature' => { 'name' => 'FEATURE NAME', " \
diff --git a/lib/bandiera/gui.rb b/lib/bandiera/gui.rb
index 4211ca9..c3a158b 100644
--- a/lib/bandiera/gui.rb
+++ b/lib/bandiera/gui.rb
@@ -54,13 +54,10 @@ def _get_new_group
     def _post_create_group
       group_name = params[:group][:name]
 
-      if param_present?(group_name)
+      with_valid_group_params(group_name, '/new/group') do
         feature_service.add_group(group_name)
         flash[:success] = 'Group created.'
         redirect '/'
-      else
-        flash[:danger] = 'You must enter a group name.'
-        redirect '/new/group'
       end
     end
 
@@ -151,20 +148,28 @@ def _get_delete_feature(group_name, feature_name)
     private
 
     def with_valid_feature_params(feature, on_error_url)
-      if valid_params?(feature)
+      if valid_feature_params?(feature)
         yield
       else
         errors = []
         errors << 'enter a feature name' unless param_present?(feature[:name])
-        errors << 'enter a feature name without spaces' if feature[:name].include?(' ')
+        errors << 'enter a feature name without spaces' if param_has_whitespace?(feature[:name])
         errors << 'select a group' unless param_present?(feature[:group])
         flash[:danger] = "You must #{errors.join(' and ')}."
         redirect on_error_url
       end
     end
 
-    def param_present?(param)
-      param && !param.empty?
+    def with_valid_group_params(group_name, on_error_url)
+      if param_present?(group_name) && !param_has_whitespace?(group_name)
+        yield
+      else
+        errors = []
+        errors << 'enter a group name' unless param_present?(group_name)
+        errors << 'enter a group name without spaces' if param_has_whitespace?(group_name)
+        flash[:danger] = "You must #{errors.join(' and ')}."
+        redirect on_error_url
+      end
     end
   end
 end
diff --git a/lib/bandiera/version.rb b/lib/bandiera/version.rb
index 8fc8bb5..1eb2afb 100644
--- a/lib/bandiera/version.rb
+++ b/lib/bandiera/version.rb
@@ -1,3 +1,3 @@
 module Bandiera
-  VERSION = '3.1.1'.freeze
+  VERSION = '3.1.2'.freeze
 end
diff --git a/lib/bandiera/web_app_base.rb b/lib/bandiera/web_app_base.rb
index e537761..ac689d0 100644
--- a/lib/bandiera/web_app_base.rb
+++ b/lib/bandiera/web_app_base.rb
@@ -65,12 +65,16 @@ def process_user_group_list_param(val)
       list.map(&:strip)
     end
 
-    def valid_params?(feature)
-      param_present?(feature[:name]) && !feature[:name].include?(' ') && param_present?(feature[:group])
+    def valid_feature_params?(feature)
+      param_present?(feature[:name]) && !param_has_whitespace?(feature[:name]) && param_present?(feature[:group])
     end
 
     def param_present?(param)
       param && !param.empty?
     end
+
+    def param_has_whitespace?(param)
+      param.match(/\s/)
+    end
   end
 end
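Review bot: `with_valid_group_params` inlines its validity test, `param_present?(group_name) && !param_has_whitespace?(group_name)`, whereas `with_valid_feature_params` just above it delegates to `valid_feature_params?` in WebAppBase; a matching `valid_group_params?(group_name)` predicate beside that one would keep both validations in the shared base and reusable by APIv1, which already shares the feature predicate. The error branches of both methods call `param_has_whitespace?` on a name that may already have failed `param_present?`, so a guard such as `errors << 'enter a group name without spaces' if param_present?(group_name) && param_has_whitespace?(group_name)` keeps that branch from depending on the helper accepting nil.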
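Review bot: `param_has_whitespace?` relies on `/\s/`, which in Ruby regexps covers only ASCII whitespace, so a name containing a non-breaking space (U+00A0) or another Unicode space passes the new check while rendering like one with an ordinary space; `[[:space:]]` matches Unicode whitespace in UTF-8 strings. The method also returns MatchData or nil rather than a boolean, and raises NoMethodError when the parameter is nil, which the error branches in gui.rb can reach because they call it after `param_present?` has already failed. `!!(param.to_s =~ /[[:space:]]/)` as the method body addresses all three while keeping the predicate contract the callers expect.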
diff --git a/spec/lib/bandiera/gui_spec.rb b/spec/lib/bandiera/gui_spec.rb
index 399b4d7..a7a6017 100644
--- a/spec/lib/bandiera/gui_spec.rb
+++ b/spec/lib/bandiera/gui_spec.rb
@@ -93,6 +93,28 @@
         check_error_flash('You must enter a group name')
       end
     end
+
+    context 'with a space in the group name' do
+      it 'shows validation errors' do
+        within('form') do
+          fill_in 'group_name', with: ' foo'
+          click_button 'Create'
+        end
+
+        check_error_flash('You must enter a group name without spaces')
+      end
+    end
+
+    context 'with a tab in the group name' do
+      it 'shows validation errors' do
+        within('form') do
+          fill_in 'group_name', with: "foo\t"
+          click_button 'Create'
+        end
+
+        check_error_flash('You must enter a group name without spaces')
+      end
+    end
   end
 
   describe 'adding a new feature flag' do
@@ -179,6 +201,20 @@
         check_error_flash('You must enter a feature name without spaces')
       end
     end
+
+    context 'with a feature flag name containing a tab' do
+      it 'shows validation errors' do
+        within('form') do
+          select 'pubserv', from: 'feature_group'
+          fill_in 'feature_name', with: "TEST-FEATURE\t"
+          fill_in 'feature_description', with: 'This is a test feature.'
+          choose 'feature_active_true'
+          click_button 'Create'
+        end
+
+        check_error_flash('You must enter a feature name without spaces')
+      end
+    end
   end
 
   describe 'removing a feature flag' do
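Review bot: The new contexts cover a leading ASCII space and a trailing tab, but none of them pins down non-ASCII whitespace, and with the `/\s/` check in web_app_base.rb a name such as `"foo\u00a0"` is currently accepted as valid. A context submitting `fill_in 'group_name', with: "foo\u00a0"` and asserting whichever outcome is intended would make the scope of "whitespace" in this change explicit. The same gap applies to the feature-name contexts in the second hunk of this file.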