diff --git a/src/xrt/state_trackers/oxr/oxr_api_verify.h b/src/xrt/state_trackers/oxr/oxr_api_verify.h
index 8da93b0f34e3654df2d2274182056a48a35f0a39..21d80e7833a3b6067667bc4318da01dc1530ec45 100644
--- a/src/xrt/state_trackers/oxr/oxr_api_verify.h
+++ b/src/xrt/state_trackers/oxr/oxr_api_verify.h
@@ -136,10 +136,13 @@ extern "C" {
  *
  */
 
+/*!
+ * Verify a single path level that sits inside of a fixed sized array.
+ */
 XrResult
 oxr_verify_fixed_size_single_level_path(struct oxr_logger*,
                                         const char* path,
-                                        uint32_t size,
+                                        uint32_t array_size,
                                         const char* name);
 
 XrResult
diff --git a/src/xrt/state_trackers/oxr/oxr_verify.cpp b/src/xrt/state_trackers/oxr/oxr_verify.cpp
index 7c3e69653b58365459d9e4c8f45c71c96edf2584..c9945f3b4782d0206098f5863c741680baf28383 100644
--- a/src/xrt/state_trackers/oxr/oxr_verify.cpp
+++ b/src/xrt/state_trackers/oxr/oxr_verify.cpp
@@ -9,7 +9,8 @@
  * @ingroup oxr_api
  */
 
-#include <stdio.h>
+#include <cstdio>
+#include <cstring>
 
 #include "xrt/xrt_compiler.h"
 #include "util/u_debug.h"
@@ -25,6 +26,24 @@
  *
  */
 
+static bool
+valid_path_char(const char c)
+{
+	if ('a' <= c && c <= 'z') {
+		return true;
+	}
+
+	if ('0' <= c && c <= '9') {
+		return true;
+	}
+
+	if (c == '-' || c == '_' || c == '.' || c == '/') {
+		return true;
+	}
+
+	return false;
+}
+
 static bool
 contains_zero(const char* path, uint32_t size)
 {
@@ -40,10 +59,10 @@ contains_zero(const char* path, uint32_t size)
 extern "C" XrResult
 oxr_verify_fixed_size_single_level_path(struct oxr_logger* log,
                                         const char* path,
-                                        uint32_t size,
+                                        uint32_t array_size,
                                         const char* name)
 {
-	if (size == 0) {
+	if (array_size == 0) {
 		return oxr_error(log, XR_ERROR_VALIDATION_FAILURE,
 		                 "(%s) internal runtime error", name);
 	}
@@ -53,13 +72,26 @@ oxr_verify_fixed_size_single_level_path(struct oxr_logger* log,
 		                 "(%s) can not be empty", name);
 	}
 
-	if (!contains_zero(path, size)) {
+	if (!contains_zero(path, array_size)) {
 		return oxr_error(log, XR_ERROR_VALIDATION_FAILURE,
 		                 "(%s) must include zero termination '\\0'.",
 		                 name);
 	}
 
-	//! @todo verify more!
+	size_t length = strlen(path);
+	for (size_t i = 0; i < length; i++) {
+		const char c = path[i];
+
+		// Slashes are not valid in single level paths.
+		if (valid_path_char(c) && c != '/') {
+			continue;
+		}
+
+		return oxr_error(
+		    log, XR_ERROR_VALIDATION_FAILURE,
+		    "(%s) 0x%02x is not a valid character at position %u", name,
+		    c, (uint32_t)i);
+	}
 
 	return XR_SUCCESS;
 }