diff --git a/src/api/app/models/comment.rb b/src/api/app/models/comment.rb
index fdf3c3efd7b..3348770088b 100644
--- a/src/api/app/models/comment.rb
+++ b/src/api/app/models/comment.rb
@@ -7,6 +7,8 @@ class Comment < ApplicationRecord
   validates :body, :commentable, :user, presence: true
   # FIXME: this probably should be MEDIUMTEXT(16MB) instead of text (64KB)
   validates :body, length: { maximum: 65_535 }
+  validates :body, format: { with:    /\A[^\u0000]*\Z/,
+                             message: 'must not contain null characters' }
 
   validate :validate_parent_id