diff --git a/apps/jetpack/errors.py b/apps/jetpack/errors.py
index 5cc5f8a0..b16fbf97 100644
--- a/apps/jetpack/errors.py
+++ b/apps/jetpack/errors.py
@@ -16,12 +16,15 @@ class DependencyException(SimpleException):
 class FilenameExistException(SimpleException):
 " This filename already exists - it has to be unique "
+
 class IllegalFilenameException(SimpleException):
 " This filename contains illegal characters "
+
 class IllegalFileException(SimpleException):
 " This file is not allowed "
+
 class UpdateDeniedException(SimpleException):
 " This item may not be updated "
@@ -29,9 +32,11 @@ class UpdateDeniedException(SimpleException):
 class AddingAttachmentDenied(SimpleException):
 " Attachment may not be added "
+
 class AttachmentWriteException(SimpleException):
 " Attachment failed to properly save to disk "
+
 class AddingModuleDenied(SimpleException):
 " Modulke may not be added "
@@ -42,3 +47,13 @@ class SingletonCopyException(SimpleException):
 class ManifestNotValid(SimpleException):
 " Upload failed due to package.json malfunction "
+
+ class KeyNotAllowed(SimpleException):
" Package keys are whitelisted. "
+ def __init__(self, allowed_keys):
+ value = ('Invalid key.
' + 'allowed keys: %s'
+ ) % ', '.join(allowed_keys)
+ super(KeyNotAllowed, self).__init__(value)
diff --git a/apps/jetpack/models.py b/apps/jetpack/models.py
index 00f3669d..b33d2847 100644
--- a/apps/jetpack/models.py
+++ b/apps/jetpack/models.py
@@ -47,7 +47,8 @@ from jetpack.errors import (SelfDependencyException, FilenameExistException,
 UpdateDeniedException, SingletonCopyException,
 DependencyException, AttachmentWriteException,
- IllegalFilenameException, IllegalFileException)
+ IllegalFilenameException, IllegalFileException,
+ KeyNotAllowed)
 from jetpack.managers import SDKManager, PackageManager
 from utils import validator
@@ -789,6 +790,14 @@ def set_version(self, version_name, current=True):
 return super(PackageRevision, self).save()
+ @staticmethod
+ def validate_extra_json(extra_json):
+ allowed_keys = ('contributors', 'homepage', 'icon', 'icon64',
+ 'preferences', 'license')
+ for key in extra_json.keys():
+ if key not in allowed_keys:
+ raise KeyNotAllowed(allowed_keys)
+
 def set_extra_json(self, extra_json, save=True):
 """ Sets self.extra_json, adds commit message, and saves revision
@@ -801,6 +810,8 @@ def set_extra_json(self, extra_json, save=True):
 if extra_json:
 # check for valid JSON, plus clean out filenames
 json = simplejson.loads(extra_json)
+ # check if the keys are allowed
+ PackageRevision.validate_extra_json(json)
 # possible file names: icon, icon64
 # also possibly lib, tests, main, but FlightDeck overrides
 properties_to_check = ('icon', 'icon64',)
diff --git a/apps/jetpack/views.py b/apps/jetpack/views.py
index a087e1b2..61a46980 100644
--- a/apps/jetpack/views.py
+++ b/apps/jetpack/views.py
@@ -45,7 +45,7 @@ from jetpack.models import (Package, PackageRevision, Module, Attachment,
 SDK, EmptyDir, EDITABLE_EXTENSIONS)
 from jetpack.errors import (FilenameExistException, DependencyException,
- IllegalFilenameException)
+ IllegalFilenameException, KeyNotAllowed)
 from person.models import Profile 
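Review bot: `KeyNotAllowed.__init__` builds a message that lists only the whitelist and never includes the rejected key, and because views.py in this same commit sends `str(e)` back to the client, that omission is exactly what keeps user-supplied input out of the response — yet nothing in the class says it is deliberate. I would replace the one-line docstring with a short note such as `" Raised when extra_json contains a key outside the whitelist. The message lists the allowed keys only and is returned verbatim to the client, so do not add the offending key to it. "` so a later edit does not start reflecting raw input. The whole class is visible in this hunk, from the `class` line through the `super` call.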
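Review bot: `validate_extra_json` calls `extra_json.keys()` without confirming the parsed document is an object; `simplejson.loads` also returns a list, string or number for inputs like `[1]` or `"x"`, so such a payload now raises `AttributeError` instead of a handled exception. Whether `set_extra_json` or the view catches that is not visible here, so guard before the loop: `if not isinstance(extra_json, dict):` / `raise KeyNotAllowed(allowed_keys)`. The whitelist could also be a class-level `frozenset` constant so tests and other callers reference one definition instead of re-typing the tuple. The `set_extra_json` method that follows continues outside the hunk.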
@@ -940,6 +940,8 @@ def save(request, revision_id, type_id=None):
 'Extra package properties were invalid JSON.')
 except IllegalFilenameException, e:
 return HttpResponseBadRequest(str(e))
+ except KeyNotAllowed, e:
+ return HttpResponseForbidden(str(e))
 response_data['package_extra_json'] = extra_json
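Review bot: The new handler answers a non-whitelisted key with 403, while the `IllegalFilenameException` handler two lines above answers the comparable input-validation failure with 400; a disallowed key is a malformed payload rather than a permission problem, so `return HttpResponseBadRequest(str(e))` keeps the status codes consistent and stops clients and monitoring from reading it as an authorization failure. Also confirm that `HttpResponseForbidden` (or `HttpResponseBadRequest`, if you switch) is imported from django.http in views.py — the import hunk in this commit only adds `KeyNotAllowed` to the jetpack.errors import, and the django.http import line is not in the diff. The enclosing `save` view starts well before this hunk.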