Index: src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
===================================================================
--- src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
+++ src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
@@ -26,25 +26,36 @@ $pref_monospaced_textareas = PhabricatorUserPreferences::PREFERENCE_MONOSPACED_TEXTAREAS; + $errors = array(); if ($request->isFormPost()) { $monospaced = $request->getStr($pref_monospaced); - - // Prevent the user from doing stupid things. - $monospaced = preg_replace('/[^a-z0-9 ,"]+/i', '', $monospaced); + if (!preg_match('/^[^"]*("[^"]*"[^"]*)*$/', $monospaced) || + preg_match('/[^a-z0-9 ,"-](?=(?:[^"]*"[^"]*")*[^"]*$)/i', + $monospaced)) { + $errors[] = pht( + 'Monospaced Font definition must not contain any mismatched double '. + 'quotes, and any font names that do not consist of purely '. + 'alphanumeric, space, comma, double quote, or hyphen characters '. + 'must be wrapped in double quotes.'); + } else { + $preferences->setPreference($pref_monospaced, $monospaced); + } $preferences->setPreference($pref_titles, $request->getStr($pref_titles)); $preferences->setPreference($pref_editor, $request->getStr($pref_editor)); $preferences->setPreference( $pref_multiedit, $request->getStr($pref_multiedit)); - $preferences->setPreference($pref_monospaced, $monospaced); $preferences->setPreference( $pref_monospaced_textareas, $request->getStr($pref_monospaced_textareas)); $preferences->save(); - return id(new AphrontRedirectResponse()) - ->setURI($this->getPanelURI('?saved=true')); + + if (!$errors) { + return id(new AphrontRedirectResponse()) + ->setURI($this->getPanelURI('?saved=true')); + } } $example_string = <<setValue(pht('Save Preferences'))); $error_view = null; - if ($request->getStr('saved') === 'true') { + if (!$errors) { + if ($request->getStr('saved') === 'true') { + $error_view = id(new AphrontErrorView()) + ->setTitle(pht('Preferences Saved')) + ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) + ->setErrors(array(pht('Your preferences have been saved.'))); + } + } else { $error_view = id(new AphrontErrorView()) - ->setTitle(pht('Preferences Saved')) - ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) - ->setErrors(array(pht('Your 
preferences have been saved.'))); + ->setTitle(pht('Form Errors')) + ->setErrors($errors); } $form_box = id(new PHUIObjectBoxView())
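Review bot: The new validation only restricts characters outside double quotes, so anything between a balanced pair of quotes (`;`, `}`, `<`, backslashes, line breaks) is now stored in `$pref_monospaced`, where the removed `preg_replace` stripped it. If this preference is later written into a style rule, which the error text about font names suggests but the hunk does not show, the quoted part needs its own allow-list or the output site must escape it; one option is an extra reject such as `|| preg_match('/[\\\\<>;{}\x00-\x1f]/', $monospaced)`. Separately, `preg_match` returns `false` on a PCRE error and the second test treats that as "no disallowed character", so testing `preg_match(...) !== 0` there would make the check fail closed. The enclosing method begins and ends outside this hunk.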