diff --git a/RestControllers/SettingsController.php b/RestControllers/SettingsController.php
index 55f7dcd..1caed37 100644
--- a/RestControllers/SettingsController.php
+++ b/RestControllers/SettingsController.php
@@ -57,8 +57,8 @@ class SettingsController {
 //Create and fill a GeneralSettings object with the new values
 $settings = new GeneralSettings();
 $settings->set_id(userID);
- $settings->set_firstName(postString("firstName", 3));
- $settings->set_lastName(postString("lastName", 3));
+ $settings->set_firstName(removeHTMLnodes(postString("firstName", 3)));
+ $settings->set_lastName(removeHTMLnodes(postString("lastName", 3)));
 $settings->set_publicPage(postBool("isPublic"));
 $settings->set_openPage(postBool("isOpen"));
 $settings->rationalizePublicOpenStatus();
@@ -69,6 +69,12 @@ class SettingsController {
 $settings->set_virtualDirectory($virtualDirectory);
 $settings->set_allowComunicMails(postBool("allow_comunic_mails"));
+ //Check personnal webiste
+ if($settings->has_personnalWebsite()){
+ if(!filter_var($settings->get_personnalWebsite(), FILTER_VALIDATE_URL))
+ Rest_fatal_error(401, "Invalid personnal URL!");
+ }
+
 //Try to update settings
 if(!components()->settings->save_general($settings))
 Rest_fatal_error(500, "Coud not save user settings!");
diff --git a/RestControllers/accountController.php b/RestControllers/accountController.php
index 7838c16..2447d37 100644
--- a/RestControllers/accountController.php
+++ b/RestControllers/accountController.php
@@ -96,8 +96,8 @@ class accountController {
 //Create new account object
 $newAccount = new NewAccount();
- $newAccount->firstName = $firstName;
- $newAccount->lastName = $lastName;
+ $newAccount->firstName = removeHTMLnodes($firstName);
+ $newAccount->lastName = removeHTMLnodes($lastName);
 $newAccount->email = $email;
 $newAccount->password = $password;
diff --git a/functions/requests.php b/functions/requests.php
index 8be83c0..7d4a2dc 100644
--- a/functions/requests.php
+++ b/functions/requests.php
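Review bot: removeHTMLnodes() is applied to the value after postString("firstName", 3) has already accepted it, so whatever that second argument enforces (presumably a minimum length) is checked against the raw string rather than against what gets stored — an input such as `<b></b>` would pass the check and be saved as an empty name. Strip first and then validate the result, e.g. `$firstName = removeHTMLnodes(postString("firstName", 3));` followed by `if(strlen($firstName) < 3) Rest_fatal_error(400, "Invalid first name!");`, and the same for lastName. Stripping tags on input is defence in depth only; wherever these names are rendered into HTML they must still pass through htmlspecialchars(). The enclosing method starts and ends outside this hunk.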
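Review bot: FILTER_VALIDATE_URL only checks that the value is syntactically a URL and does not restrict the scheme, so ftp://, file:// and similar values pass, and javascript://-style values with a fake authority have been known to pass as well; since the personal website is presumably rendered as a link, the scheme should be restricted too, e.g. `$url = $settings->get_personnalWebsite();` then `if(!filter_var($url, FILTER_VALIDATE_URL) || !in_array(parse_url($url, PHP_URL_SCHEME), array("http", "https"), true)) Rest_fatal_error(400, "Invalid personnal URL!");`. The new branch also reports the failure as 401, which means "not authenticated", whereas a malformed field is a 400 (the existing code below uses 500 for the save failure, so the codes are otherwise meaningful). The comment has two typos: `//Check personal website`. Where personnalWebsite is set on $settings is outside this hunk, as is the rest of the method.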
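Review bot: $firstName and $lastName are stripped here, at assignment time, after whatever checks they received earlier in the method (outside this hunk), so the value stored is not the value that was validated and can shrink to an empty string when the input consisted only of markup. Apply removeHTMLnodes() where the two variables are read from the request, before those checks, and keep the original `$newAccount->firstName = $firstName;` / `$newAccount->lastName = $lastName;` here. As in SettingsController, stripping on input does not replace htmlspecialchars() at render time. The enclosing method starts and ends outside this hunk.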
@@ -500,7 +500,7 @@ function checkUserDirectoryValidity(string $directory) : bool {
 return FALSE;
 //Check if the domain contains forbidden characters
- if(str_replace(array(".html", ".txt", ".php", "à", "â", "é", "ê", "@", "/", "\"", "'", '"'), "", $directory) != $directory)
+ if(str_replace(array(".html", ".txt", ".php", "à", "â", "é", "ê", "@", "/", "\"", "'", '"', "<", ">", "?", "&", "#"), "", $directory) != $directory)
 return FALSE;
 //If we get there, the domain is valid
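Review bot: The extended list is still a deny-list, so every character it does not name (`%`, `\`, whitespace, `;`, control characters, the rest of the non-ASCII range) is still accepted in a directory name that is presumably later placed into URLs and pages; the robust form is an allow-list kept alongside the extension check above it: `if(!preg_match('/\A[A-Za-z0-9_.-]+\z/', $directory)) return FALSE;`. The array also lists the double quote twice (`"\""` and `'"'`), and the comparison should be `!==` rather than `!=`. checkUserDirectoryValidity() starts above this hunk and its final return is presumably below it.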