All strings that are given to the Python API, which are later used as (or part of) a filename should be validated. Currently this is only done for workflow name, however it should be applied to job ids, etc. And "=" in a job name had caused an error on SAGA , for example.

Whatever validation that is done, should ensure that the given strings are safe for sub files AND the filesystem.