I have an "upload_photo.php" script that allows Users to add a "Photo Label" below the Photo they are uploading.

This gets displayed using the TITLE attribute in the IMG tag.

Is there any reason why I would want to restrict what characters can go in the "Photo Label"?

Not sure if this is a possible "Attack Vector" or not?