diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php
index c6e76ce..357fe35 100644
--- a/App/Controllers/Home.php
+++ b/App/Controllers/Home.php
@@ -38,6 +38,12 @@ class Home
 // Login
 if ($args) {
+ // Avoid XSS
+ $args['exclude'] = [
+ 'password'
+ ];
+ $args = XSS::avoid($args);
+
 $username = $args['username'];
 $password = $args['password'];
@@ -122,8 +128,13 @@ class Home
 $args['salt'] = $salt;
 $args['password'] = $password;
- $args['full_name'] = htmlspecialchars($args['full_name']);
- $args['username'] = htmlspecialchars($args['username']);
+ // Avoid XSS attack
+ // Exclude password and salt
+ $args['exclude'] = [
+ 'salt',
+ 'password'
+ ];
+ $args = XSS::avoid($args);
 $data = $this->model->showAll();
 foreach ($data as $users) {
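Review bot: The exclusion list is smuggled into the request data as `$args['exclude']` before `XSS::avoid($args)`, so unless the helper strips that key the array handed on from the login branch carries a synthetic `exclude` entry alongside the submitted fields; the registration hunk below uses the same pattern. A caller-supplied `exclude` field is overwritten here, so it cannot widen the list, but mixing control metadata into user input is easy to get wrong the next time `$args` is forwarded to the model or a query is built from its keys. Consider passing the list as its own argument and leaving `$args` as pure request data, e.g. `$args = XSS::avoid($args, ['password']);`. Note also that whatever transformation `XSS::avoid` applies to `username` on this login path has to match byte-for-byte what was applied when the account was stored, or lookups for names containing `&`, `<` or quotes will silently fail; the helper's rules are not visible in this diff. The enclosing login handler starts and ends outside the hunk.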
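Review bot: The removed `htmlspecialchars()` calls on `full_name` and `username` are replaced by `XSS::avoid`, whose escaping rules are not shown, and either way the values are still encoded before storage rather than at output, so every later reader of those columns has to know they hold HTML-encoded text and any template that escapes again will double-encode (`&amp;amp;`). If the helper stays, state its contract at the call site rather than just "Avoid XSS attack", e.g. `// XSS::avoid HTML-encodes every string in $args except the keys listed in 'exclude'; the stored full_name/username are therefore already escaped`, and confirm it passes `ENT_QUOTES | ENT_SUBSTITUTE` and `'UTF-8'`, since on PHP before 8.1 the defaults the old lines relied on left single quotes unescaped. Excluding `salt` and `password` is right, since the hash output must not be altered, but that only holds if the helper really skips those keys rather than, say, only top-level strings of a certain type. The registration handler continues outside the hunk.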