diff --git a/core/src/nats.ts b/core/src/nats.ts
index c0bc1d6a..4ebcec93 100644
--- a/core/src/nats.ts
+++ b/core/src/nats.ts
@@ -46,6 +46,8 @@ import type {
 import { createInbox } from "./core.ts";
 import { errors, InvalidArgumentError, TimeoutError } from "./errors.ts";
 
+const whitespaceRegex = /[ \n\r\t]/;
+
 export class NatsConnectionImpl implements NatsConnection {
 options: ConnectionOptions;
 protocol!: ProtocolHandler;
@@ -90,7 +92,7 @@ export class NatsConnectionImpl implements NatsConnection {
 throw new errors.DrainingConnectionError();
 }
 subject = subject || "";
- if (subject.length === 0) {
+ if (subject.length === 0 || whitespaceRegex.test(subject)) {
 throw new errors.InvalidSubjectError(subject);
 }
 }
diff --git a/core/tests/basics_test.ts b/core/tests/basics_test.ts
index b899345a..a1984b1e 100644
--- a/core/tests/basics_test.ts
+++ b/core/tests/basics_test.ts
@@ -1800,3 +1800,17 @@ Deno.test("basics - close status", async () => {
 await d;
 await cleanup(ns, nc);
 });
+
+Deno.test("basics - pub subject verified", async () => {
+ const { ns, nc } = await setup();
+ assertThrows(
+ () => {
+ // subject that encodes a protocol pub...
+ nc.publish("foo 6\r\npwntus\r\nPUB bar");
+ },
+ Error,
+ "illegal subject",
+ );
+
+ await cleanup(ns, nc);
+});
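Review bot: `whitespaceRegex` is added without a comment, and its name hides that it is a protocol-framing guard rather than a cosmetic whitespace check. A later maintainer could loosen the character class or add a `g` flag, which would make `.test()` stateful through `lastIndex` and let some calls pass. I would add above the constant: `// Space/tab separate fields and CR/LF end a line in the NATS text protocol; a subject containing any of them could change the framing of the command sent to the server. Keep this regex flag-free so test() stays stateless.`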
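Review bot: The widened condition on the `if (subject.length === 0 || whitespaceRegex.test(subject))` line validates only `subject`. Any other caller-supplied string written to the same protocol line, such as a reply subject passed in publish options or a queue group name on subscribe, needs the same rejection unless it is already validated elsewhere. The method's signature and its callers are outside the hunk, so this should be confirmed against them. A short comment on the check would also help, for example `// reject protocol delimiters before the subject is written into a command line`. It may also be worth considering whether echoing the raw rejected subject through `InvalidSubjectError(subject)` is appropriate where error messages reach logs, since the value can contain CR/LF.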
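Review bot: The new test asserts only the generic `Error` class and sends a single input through `publish`, so it would not catch a regression that drops `\t` or a lone `\n` from the character class. It also does not pin the failure to the subject check. Asserting `errors.InvalidSubjectError` would be tighter, if that class is importable in this test file, which the hunk does not show. Covering one constructed subject per rejected character would close the first gap, e.g. `for (const s of ["a b", "a\tb", "a\rb", "a\nb"]) assertThrows(() => nc.publish(s), Error, "illegal subject");`. Because `cleanup(ns, nc)` runs only after the assertion, a failing assertion leaves the server and connection open; wrapping the body in `try { … } finally { await cleanup(ns, nc); }` avoids that.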