diff --git a/backend/users/models.py b/backend/users/models.py
index 079b998..42505b8 100644
--- a/backend/users/models.py
+++ b/backend/users/models.py
@@ -9,8 +9,8 @@ class User(models.Model):
 ]
 user_id = models.IntegerField(primary_key=True)
- nickname = models.CharField(max_length=255)
- email = models.EmailField(max_length=255)
+ nickname = models.CharField(max_length=12)
+ email = models.EmailField(max_length=255 )
 img_url = models.URLField(blank=True)
 is_2FA = models.BooleanField(default=False)
 is_online = models.BooleanField(default=False)
diff --git a/backend/users/views.py b/backend/users/views.py
index 4f72a01..8603bf0 100644
--- a/backend/users/views.py
+++ b/backend/users/views.py
@@ -14,6 +14,7 @@
 from login.views import decode_jwt
 from drf_yasg.utils import swagger_auto_schema
 from game.onlineConsumers import OnlineConsumer
+from django.utils.html import escape
 class UserDetailView(APIView):
@@ -36,6 +37,8 @@ def put(self, request):
 # FIXME: is_online도 변경이 가능함 수정 필요
 serializer = UserSerializer(user, data=request.data, partial=True)
 if serializer.is_valid():
+ serializer.validated_data['nickname'] = escape(serializer.validated_data['nickname'])
+ serializer.validated_data['img_url'] = escape(serializer.validated_data['img_url'])
 serializer.save()
 return JsonResponse(serializer.data)
 return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
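Review bot: Cutting `nickname` from 255 to `max_length=12` changes the column definition, yet no migration and no handling of existing rows longer than 12 characters is visible in this diff. Depending on the database backend, altering the column can fail or truncate stored nicknames, so existing data is worth checking before this ships. The `email` line changes only by a stray space in `max_length=255 )` and should be left out of the commit as `email = models.EmailField(max_length=255)`. The `User` class starts above the hunk and may continue below it.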
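Review bot: With `partial=True`, a PUT that omits `nickname` or `img_url` raises `KeyError` on the two added `validated_data[...]` lookups in `put`, so the request returns a 500 instead of saving the fields that were sent; guard each one, e.g. `if 'nickname' in serializer.validated_data:`. The escaping also runs after validation, so a nickname that passed the new `max_length=12` check grows once `<` or `&` is expanded to an entity, and `escape()` on `img_url` rewrites `&` in a query string to `&amp;`, which changes the stored URL. Storing HTML-escaped values only protects consumers that insert them as raw HTML and causes double-encoding wherever the client already escapes. Leaving the stored value as validated and escaping where it is rendered is the more robust place for this control. The body of `put` starts above this hunk.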