Why Limit the Format of a Password?

I'm pretty sure it's so they don't have to quote the input before they run it through through their form regex to see if it's not malicious (XSS) user input.