diff --git a/server/szurubooru/func/tag_categories.py b/server/szurubooru/func/tag_categories.py
index beeef9b8..c5f088fe 100644
--- a/server/szurubooru/func/tag_categories.py
+++ b/server/szurubooru/func/tag_categories.py
@@ -51,6 +51,8 @@ def update_category_name(category, name):
 def update_category_color(category, color):
     if not color:
         raise InvalidTagCategoryNameError('Color cannot be empty.')
+    if not re.match(r'^#?[a-z]+$', color):
+        raise InvalidTagCategoryNameError('Invalid color.')
     if util.value_exceeds_column_size(color, db.TagCategory.color):
         raise InvalidTagCategoryColorError('Color is too long.')
     category.color = color
diff --git a/server/szurubooru/tests/api/test_tag_category_updating.py b/server/szurubooru/tests/api/test_tag_category_updating.py
index fad62684..15a100a4 100644
--- a/server/szurubooru/tests/api/test_tag_category_updating.py
+++ b/server/szurubooru/tests/api/test_tag_category_updating.py
@@ -56,6 +56,7 @@ def test_simple_updating(test_ctx):
     {'name': '!bad'},
     {'color': None},
     {'color': ''},
+    {'color': '; float:left'},
 ])
 def test_trying_to_pass_invalid_input(test_ctx, input):
     db.session.add(test_ctx.tag_category_factory(name='meta', color='black'))