My regexp kung-fu is not the strongest, but it looks like you’ve only allowed for a single charachter here.
You may need to allow for some more
You may want to consider this around the other way though. Instead of forbidding chars, allow a restricted set.
validates_format_of /^\w+$/ will restrict the values allowable
(maybe too much so). You’ll need to check the docs to tune it to
your specific need.