diff --git a/app/assets/javascripts/discourse/lib/user-search.js.es6 b/app/assets/javascripts/discourse/lib/user-search.js.es6
index e666a72a1b8..932d93b3c02 100644
--- a/app/assets/javascripts/discourse/lib/user-search.js.es6
+++ b/app/assets/javascripts/discourse/lib/user-search.js.es6
@@ -121,6 +121,10 @@ export default function userSearch(options) {
 topicId = options.topicId,
 group = options.group;
 
+ if (/[^\w.-]/.test(term)) {
+ term = "";
+ }
+
 if (oldSearch) {
 oldSearch.abort();
 oldSearch = null;
diff --git a/test/javascripts/lib/user-search-test.js.es6 b/test/javascripts/lib/user-search-test.js.es6
index 9d8bcbaf0a9..647a0ab50d4 100644
--- a/test/javascripts/lib/user-search-test.js.es6
+++ b/test/javascripts/lib/user-search-test.js.es6
@@ -1,4 +1,5 @@
 import userSearch from "discourse/lib/user-search";
+import { CANCELLED_STATUS } from "discourse/lib/autocomplete";
 
 QUnit.module("lib:user-search", {
 beforeEach() {
@@ -71,3 +72,8 @@ QUnit.test("it strips @ from the beginning", async assert => {
 let results = await userSearch({ term: "@Team" });
 assert.equal(results[results.length - 1]["name"], "team");
 });
+
+QUnit.test("it does not search for invalid usernames", async assert => {
+ let results = await userSearch({ term: "foo, " });
+ assert.equal(results, CANCELLED_STATUS);
+});
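Review bot: The new guard `if (/[^\w.-]/.test(term))` only filters what this client sends, so the server-side user search still has to validate `term` itself; a request made directly to the endpoint never passes through this check. In JavaScript `\w` is `[A-Za-z0-9_]` only, so if the site can ever allow non-ASCII usernames this would blank legitimate searches, which is worth confirming against the server's username rules. Clearing `term` instead of returning relies on code outside this hunk to turn an empty term into a cancelled search (the new test suggests it does), so a comment would help: `// term contains characters outside [A-Za-z0-9_.-]; clear it rather than query with it`. The body of userSearch starts and ends outside the hunk.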
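Review bot: `assert.equal(results, CANCELLED_STATUS)` in the new test is a loose `==` comparison in QUnit, so a result that merely coerces to the same value would still pass; `assert.strictEqual(results, CANCELLED_STATUS);` pins the cancelled outcome exactly. The test also exercises a single rejected input, `"foo, "`. A companion case with a term containing `.` or `-`, the two punctuation characters the new pattern permits, would catch the filter being tightened or loosened by accident.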