diff --git a/backend/validators/authValidator.js b/backend/validators/authValidator.js
index ab4dac07..fe4b5543 100644
--- a/backend/validators/authValidator.js
+++ b/backend/validators/authValidator.js
@@ -1,19 +1,27 @@
 const { z } = require("zod");
+const sanitizeString = (str) => {
+  return str
+    .trim()
+    .replace(/[<>\"'`;]/g, '')
+    .replace(/javascript:/gi, '')
+    .replace(/on\w+\s*=/gi, '');
+};
+
 const signupSchema = z.object({
   username: z.string()
     .trim()
+    .transform(sanitizeString)
     .min(3, "Username must be at least 3 characters long")
     .max(30, "Username must be at most 30 characters long")
-    .regex(/^[a-zA-Z0-9_]+$/, "Username can only contain letters, numbers, and underscores")
-    ,
-
+    .regex(/^[a-zA-Z0-9_]+$/, "Username can only contain letters, numbers, and underscores"),
+
   email: z.string()
     .trim()
     .toLowerCase()
+    .transform(sanitizeString)
     .email("Invalid email address"),
-
   password: z.string()
     .min(8, "Password must be at least 8 characters long")
     .max(100, "Password must be at most 100 characters long")
@@ -28,6 +36,7 @@ const loginSchema = z.object({
   email: z.string()
     .trim()
     .toLowerCase()
+    .transform(sanitizeString)
     .email("Invalid email address"),
   password: z.string()
     .min(8, "Password must be at least 8 characters long")
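Review bot: `.transform(sanitizeString)` is chained ahead of `.min()`, `.max()`, `.regex()` and `.email()` in signupSchema (and ahead of `.email()` in the loginSchema hunk), but as far as I can tell zod's `.transform()` returns a ZodEffects that exposes none of the ZodString check methods, so the module would throw `TypeError: ... .min is not a function` as soon as it is required. Moving the transform to the end of each chain avoids that but leaves a design problem: the sanitizer silently rewrites input rather than rejecting it, so distinct submitted addresses collapse to the same stored email (`o'brien@example.com` and `obrien@example.com` both become `obrien@example.com`, and `'` is a legal local-part character), which is the kind of normalisation collision that lets one account be reached through another user's identifier. For username the transform is redundant, since the regex already rejects every character the sanitizer strips. I would drop `.transform(sanitizeString)` from all three fields and, if those characters must be refused in email addresses, append a `.refine()` after `.email()` that rejects the same character class with an explicit message, so invalid input fails loudly instead of being altered.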