diff --git a/src/backend/base/langflow/components/processing/filter_data.py b/src/backend/base/langflow/components/processing/filter_data.py
index dae6457a5b78..a09de2b91088 100644
--- a/src/backend/base/langflow/components/processing/filter_data.py
+++ b/src/backend/base/langflow/components/processing/filter_data.py
@@ -150,10 +150,15 @@ def _filter_by_columns(self, dataframe: pd.DataFrame) -> pd.DataFrame:
 def _is_safe_jq_query(self, query: str) -> bool:
 """Validate JQ query for security."""
- # Basic validation - only allow alphanumeric characters, dots, brackets,
- # spaces, and common JQ operators
- safe_chars = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.[]() +-*/<>=|,")
- return all(c in safe_chars for c in query) and len(query) < self.max_query_length
+ if len(query) >= self.max_query_length:
+ return False
+ safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.[]() +-*/<>=|,"
+ for c in query:
+ if c not in safe_chars:
+ return False
+
+ return True
+
 def process_data(self) -> Data:
 """Process data and return as Data object or list of Data objects."""
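Review bot: The rewritten `_is_safe_jq_query` body still filters only characters, not jq identifiers or evaluation cost, so the "for security" docstring overstates it: if the query reaches an evaluator with jq's standard builtins, an alphabetic name such as `env` (jq's process-environment builtin) or an unbounded generator such as `range(1000000000)` or `repeat(.)` consists entirely of allowlisted characters and passes, while the `max_query_length` check bounds the text, not the work. The mitigation belongs where the query is executed (a timeout and an output-size cap) plus a token-level denylist for builtins the component has no reason to offer; at minimum the docstring should state the actual contract, e.g. `"""Return True if query is shorter than max_query_length and uses only allowlisted characters (a character filter, not a sandbox)."""`. Separately, the hunk leaves two consecutive blank lines before `def process_data`, which ruff/PEP 8 flag as E303 inside a class; drop one. `process_data` continues outside the hunk.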