diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 68616e3e..53b86d6f 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -442,6 +442,10 @@ class User {
    **/
   public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
     $this->debug->append("STA " . __METHOD__, 4);
+    if (strlen($username > 40)) {
+      $this->setErrorMessage('Username exceeding character limit');
+      return false;
+    }
     if ($this->getEmail($email1)) {
       $this->setErrorMessage( 'This e-mail address is already taken' );
       return false;
@@ -482,8 +486,9 @@ class User {
     $password_hash = $this->getHash($password1);
     $pin_hash = $this->getHash($pin);
     $apikey_hash = $this->getHash($username);
+    $username_clean = strip_tags($username);
 
-    if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) {
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username_clean, $password_hash, $email1, $pin_hash, $apikey_hash)) {
       if (!$stmt->execute()) {
         $this->setErrorMessage( 'Unable to register' );
         if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username or email already registered' );
diff --git a/public/templates/mmcFE/account/edit/default.tpl b/public/templates/mmcFE/account/edit/default.tpl
index c15b56d4..fd445286 100644
--- a/public/templates/mmcFE/account/edit/default.tpl
+++ b/public/templates/mmcFE/account/edit/default.tpl
@@ -4,7 +4,7 @@
       <input type="hidden" name="action" value="{$smarty.request.action|escape}">
       <input type="hidden" name="do" value="updateAccount">
       <table>
-        <tbody><tr><td>Username: </td><td>{$GLOBAL.userdata.username}</td></tr>
+        <tbody><tr><td>Username: </td><td>{$GLOBAL.userdata.username|escape}</td></tr>
         <tr><td>User Id: </td><td>{$GLOBAL.userdata.id}</td></tr>
         <tr><td>API Key: </td><td><a href="{$smarty.server.PHP_SELF}?page=api&action=getuserstatus&api_key={$GLOBAL.userdata.api_key}&id={$GLOBAL.userdata.id}">{$GLOBAL.userdata.api_key}</a></td></tr>
         <tr><td>E-Mail: </td><td><input type="text" name="email" value="{nocache}{$GLOBAL.userdata.email|escape}{/nocache}" size="20"></td></tr>
diff --git a/public/templates/mmcFE/admin/user/default.tpl b/public/templates/mmcFE/admin/user/default.tpl
index 8c65c49f..fef10bfa 100644
--- a/public/templates/mmcFE/admin/user/default.tpl
+++ b/public/templates/mmcFE/admin/user/default.tpl
@@ -48,8 +48,8 @@
 {section name=user loop=$USERS|default}
     <tr>
       <td class="center">{$USERS[user].id}</td>
-      <td>{$USERS[user].username}</td>
-      <td>{$USERS[user].email}</td>
+      <td>{$USERS[user].username|escape}</td>
+      <td>{$USERS[user].email|escape}</td>
       <td class="right">{$USERS[user].shares}</td>
       <td class="right">{$USERS[user].hashrate}</td>
       <td class="right">{$USERS[user].payout.est_donation|number_format:"8"}</td>
diff --git a/public/templates/mmcFE/global/userinfo.tpl b/public/templates/mmcFE/global/userinfo.tpl
index 92105bdc..d9745394 100644
--- a/public/templates/mmcFE/global/userinfo.tpl
+++ b/public/templates/mmcFE/global/userinfo.tpl
@@ -1,5 +1,5 @@
 {if $GLOBAL.userdata.username|default}
-            <h2>Welcome, {$smarty.session.USERDATA.username} <font size='1px'><b>Active Account</b>: <b>{$GLOBAL.fees}%</b> Pool Fee</font> <font size='1px'><i>(You are <a href='{$smarty.server.PHP_SELF}?page=account&action=edit'>donating</a> <b></i>{$GLOBAL.userdata.donate_percent}%</b> <i>of your earnings)</i></font></h2>
+            <h2>Welcome, {$smarty.session.USERDATA.username|escape} <font size='1px'><b>Active Account</b>: <b>{$GLOBAL.fees|escape}%</b> Pool Fee</font> <font size='1px'><i>(You are <a href='{$smarty.server.PHP_SELF}?page=account&action=edit'>donating</a> <b></i>{$GLOBAL.userdata.donate_percent|escape}%</b> <i>of your earnings)</i></font></h2>
 {else}
             <h2>Welcome guest, <font size="1px"> please <a href="{$smarty.server.PHP_SELF}?page=register">register</a> to user this pool.</font></h2>
 {/if}
diff --git a/public/templates/mmcFE/statistics/blocks/default.tpl b/public/templates/mmcFE/statistics/blocks/default.tpl
index f404673c..0856a269 100644
--- a/public/templates/mmcFE/statistics/blocks/default.tpl
+++ b/public/templates/mmcFE/statistics/blocks/default.tpl
@@ -57,7 +57,7 @@ target and network difficulty and assuming a zero variance scenario.
         {else if $BLOCKSFOUND[block].confirmations == -1}
           <font color="red">Orphan</font>
         {else}{$GLOBAL.confirmations - $BLOCKSFOUND[block].confirmations} left{/if}</td>
-        <td>{$BLOCKSFOUND[block].finder|default:"unknown"}</td>
+        <td>{$BLOCKSFOUND[block].finder|default:"unknown"|escape}</td>
         <td class="center">{$BLOCKSFOUND[block].time|date_format:"%d/%m %H:%M:%S"}</td>
         <td class="right">{$BLOCKSFOUND[block].difficulty|number_format:"2"}</td>
         <td class="right">{$BLOCKSFOUND[block].amount|number_format:"2"}</td>
diff --git a/public/templates/mmcFE/statistics/blocks/small_table.tpl b/public/templates/mmcFE/statistics/blocks/small_table.tpl
index 731d57ef..2b0f8aac 100644
--- a/public/templates/mmcFE/statistics/blocks/small_table.tpl
+++ b/public/templates/mmcFE/statistics/blocks/small_table.tpl
@@ -14,7 +14,7 @@
 {section block $BLOCKSFOUND}
       <tr class="{cycle values="odd,even"}">
         <td class="center"><a href="{$GLOBAL.blockexplorer}{$BLOCKSFOUND[block].height}" target="_blank">{$BLOCKSFOUND[block].height}</a></td>
-        <td>{$BLOCKSFOUND[block].finder|default:"unknown"}</td>
+        <td>{$BLOCKSFOUND[block].finder|default:"unknown"|escape}</td>
         <td class="center">{$BLOCKSFOUND[block].time|date_format:"%d/%m %H:%M:%S"}</td>
         <td class="right">{$BLOCKSFOUND[block].shares|number_format}</td>
       </tr>
diff --git a/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl b/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl
index a2a6ed58..b6168c36 100644
--- a/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl
+++ b/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl
@@ -17,7 +17,7 @@
       {math assign="estday" equation="round(reward / ( diff * pow(2,32) / ( hashrate * 1000 ) / 3600 / 24), 3)" diff=$DIFFICULTY reward=$REWARD hashrate=$CONTRIBHASHES[contrib].hashrate}
       <tr{if $GLOBAL.userdata.username == $CONTRIBHASHES[contrib].account}{assign var=listed value=1} style="background-color:#99EB99;"{else} class="{cycle values="odd,even"}"{/if}>
         <td>{$rank++}</td>
-        <td>{$CONTRIBHASHES[contrib].account}</td>
+        <td>{$CONTRIBHASHES[contrib].account|escape}</td>
         <td class="right">{$CONTRIBHASHES[contrib].hashrate|number_format}</td>
         <td class="right">{$estday|number_format:"3"}</td>
         {if $GLOBAL.config.price.currency}<td class="right">{($estday * $GLOBAL.price)|default:"n/a"|number_format:"2"}</td>{/if}
@@ -27,7 +27,7 @@
       {if $GLOBAL.userdata.hashrate > 0}{math assign="myestday" equation="round(reward / ( diff * pow(2,32) / ( hashrate * 1000 ) / 3600 / 24), 3)" diff=$DIFFICULTY reward=$REWARD hashrate=$GLOBAL.userdata.hashrate}{/if}
       <tr style="background-color:#99EB99;">
         <td>n/a</td>
-        <td>{$GLOBAL.userdata.username}</td>
+        <td>{$GLOBAL.userdata.username|escape}</td>
         <td class="right">{$GLOBAL.userdata.hashrate}</td>
         <td class="right">{$myestday|number_format:"3"|default:"n/a"}</td>
         {if $GLOBAL.config.price.currency}<td class="right">{($myestday * $GLOBAL.price)|default:"n/a"|number_format:"2"}</td>{/if}
diff --git a/public/templates/mmcFE/statistics/pool/contributors_shares.tpl b/public/templates/mmcFE/statistics/pool/contributors_shares.tpl
index 2a482209..232e76b2 100644
--- a/public/templates/mmcFE/statistics/pool/contributors_shares.tpl
+++ b/public/templates/mmcFE/statistics/pool/contributors_shares.tpl
@@ -14,14 +14,14 @@
 {section hashrate $CONTRIBSHARES}
       <tr{if $GLOBAL.userdata.username == $CONTRIBSHARES[hashrate].account}{assign var=listed value=1} style="background-color:#99EB99;"{else} class="{cycle values="odd,even"}"{/if}>
         <td>{$rank++}</td>
-        <td>{$CONTRIBSHARES[hashrate].account}</td>
+        <td>{$CONTRIBSHARES[hashrate].account|escape}</td>
         <td class="right">{$CONTRIBSHARES[hashrate].shares|number_format}</td>
       </tr>
 {/section}
 {if $listed != 1 && $GLOBAL.userdata.username|default:""}
       <tr style="background-color:#99EB99;">
         <td>n/a</td>
-        <td>{$GLOBAL.userdata.username}</td>
+        <td>{$GLOBAL.userdata.username|escape}</td>
         <td class="right">{$GLOBAL.userdata.shares.valid|number_format}</td>
       </tr>
 {/if}