diff --git a/EnvelopeGenerator.Web/Controllers/HomeController.cs b/EnvelopeGenerator.Web/Controllers/HomeController.cs
index ff7a2832..4bf469aa 100644
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@@ -17,6 +17,7 @@ using EnvelopeGenerator.Application.Resources;
 using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
 using static EnvelopeGenerator.Common.Constants;
 using EnvelopeGenerator.Domain.Entities;
+using Ganss.Xss;
 
 namespace EnvelopeGenerator.Web.Controllers
 {
@@ -28,19 +29,19 @@ namespace EnvelopeGenerator.Web.Controllers
 private readonly IEnvelopeHistoryService _historyService;
 private readonly IStringLocalizer _localizer;
 private readonly IConfiguration _configuration;
- private readonly UrlEncoder _urlEncoder;
+ private readonly HtmlSanitizer _sanitizer;
 private readonly Cultures _cultures;
 private readonly IEnvelopeMailService _mailService;
 private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
 
- public HomeController(EnvelopeOldService envelopeOldService, ILogger logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer localizer, IConfiguration configuration, UrlEncoder urlEncoder, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
+ public HomeController(EnvelopeOldService envelopeOldService, ILogger logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
 {
 this.envelopeOldService = envelopeOldService;
 _envRcvService = envelopeReceiverService;
 _historyService = historyService;
 _localizer = localizer;
 _configuration = configuration;
- _urlEncoder = urlEncoder;
+ _sanitizer = sanitizer;
 _cultures = cultures;
 _mailService = envelopeMailService;
 _logger = logger;
@@ -52,7 +53,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- //envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 
 if (!envelopeReceiverId.TryDecode(out var decoded))
 {
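Review bot: Swapping the injected `UrlEncoder` for an `HtmlSanitizer` field puts an output-side rich-text sanitizer in the role of the controller's input validator for route identifiers, which is the wrong layer: a sanitizer rewrites HTML it finds and passes everything else through, so it neither bounds the value nor rejects anything, and Razor already encodes these values at the view sink. The identifier actions below would be better served by no injected helper at all, with `TryDecode` / `DecodeEnvelopeReceiverId` plus a character allow-list on the raw string as the gate and a `BadRequest()` on failure. The `HtmlSanitizer` registration is not in this diff; if it is registered as a singleton, confirm the library's guarantee for concurrent `Sanitize` calls (or register it scoped) before a per-request controller depends on it. If the previous `UrlEncoder.Encode` was dropped because it mangled already-decoded route values, that supports validating rather than transforming here.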
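Review bot: Sanitizing `envelopeReceiverId` before `TryDecode` rewrites a tampered value instead of rejecting it: anything `Sanitize` strips or entity-encodes still reaches the decoder and the downstream signature check, just in altered form, and nothing here guarantees that an identifier the decoder accepts comes back from `Sanitize` unchanged. Fail closed on the raw input instead: drop the sanitize line and let `TryDecode` be the gate, adding an explicit allow-list of the encoding's characters before it if `TryDecode` does not already enforce one (the alphabet is not visible in this diff). Note that `Sanitize` is now reached with a possibly null `envelopeReceiverId`, whereas the `culture` parameter in a later hunk is null-guarded; confirm `Sanitize` tolerates null or add `if (string.IsNullOrEmpty(envelopeReceiverId)) return BadRequest();` first. The enclosing action starts before and continues after this hunk.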
@@ -103,8 +104,8 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- culture = culture is not null ? _urlEncoder.Encode(culture) : null;
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ culture = culture is not null ? _sanitizer.Sanitize(culture) : null;
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 
 if (UserLanguage is null && culture is null)
 {
@@ -139,7 +140,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 ViewData["UserCulture"] = _cultures[UserLanguage];
 
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 
 (string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
 if (uuid is null || signature is null)
@@ -246,7 +247,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 return await _envRcvService.IsExisting(envelopeReceiverId: envelopeReceiverId).ThenAsync(
 SuccessAsync: async isExisting =>
 {
@@ -280,7 +281,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 
 await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync(
@@ -310,7 +311,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- //readOnlyKey = _urlEncoder.Encode(readOnlyKey);
+ readOnlyKey = _sanitizer.Sanitize(readOnlyKey);
 
 // check if the readOnlyId is valid
 if (!readOnlyKey.TryDecode(out var decodedKeys) || decodedKeys.GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly)
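Review bot: `culture` is sanitized on the first added line but never checked against `_cultures.Languages`, the way `language` is in a later hunk; an arbitrary string survives `Sanitize` and, as far as this hunk shows, can then flow wherever a culture name is expected. Replace the sanitize with the allow-list, `if (culture is not null && !_cultures.Languages.Contains(culture)) return BadRequest();`, which is the check that actually bounds the value. The `Sanitize`-then-decode pattern on `envelopeReceiverId` in the second added line has the same weakness as in the earlier hunk: it transforms rather than rejects. The action continues past the hunk, so if `culture` is already validated further down, adjust accordingly.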
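Review bot: In the `-280` hunk `HttpContext.SignOutAsync` runs before `envelopeReceiverId` has been validated or looked up, so a request carrying any garbage identifier still clears the caller's cookie session, and sanitizing the identifier does not change that ordering. Move the sign-out after `ReadByEnvelopeReceiverIdAsync` succeeds, or at least behind an explicit rejection of identifiers that fail decoding, so a bare link cannot be used to log a victim out. If this action answers GET, that forced sign-out is reachable cross-site from an image tag or link; confirm the verb and add antiforgery protection or switch to POST if so. The action begins before and ends after the hunk.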
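Review bot: In the `-310` hunk the real validation of `readOnlyKey` is the `TryDecode` and `GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly` check that follows the added line; the `Sanitize` in front of it only transforms the string and, because it can alter characters (entity-encoding `&`, `<`, `>` and dropping tag-like runs), it can turn an invalid key into a different invalid key rather than reject it, while doing nothing against a key that is well-formed but forged. Prefer failing closed on the raw input: drop the sanitizer and keep the decode/type check as the gate, or if the sanitizer is retained, compare and reject, `if (_sanitizer.Sanitize(readOnlyKey) != readOnlyKey) return BadRequest();`, so an altered value is never decoded. The `// check if the readOnlyId is valid` comment then describes the only check that exists. The invalid-key branch and the rest of the action are outside the hunk.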
@@ -379,7 +380,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- language = _urlEncoder.Encode(language);
+ language = _sanitizer.Sanitize(language);
 
 if (!_cultures.Languages.Contains(language))
 return BadRequest();
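Review bot: The allow-list check `_cultures.Languages.Contains(language)` two lines below the added line is the control that matters here, and sanitizing first is redundant at best: a value in the list passes either way, and one that is not is rejected regardless of what `Sanitize` did to it. The one observable effect is that `Sanitize` now runs on a possibly null `language` ahead of the check; if model binding can supply null, that is an exception (a 500) where a 400 was intended. Suggest dropping the sanitize line and guarding explicitly, `if (string.IsNullOrEmpty(language) || !_cultures.Languages.Contains(language)) return BadRequest();`. Whether `Contains` compares ordinally depends on the type of `Languages`, which is not visible here; an ordinal comparer is the safe choice for language codes.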