diff --git a/src/routes/profile.js b/src/routes/profile.js
index 431c125..11b5edb 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -28,6 +28,7 @@ if any, to sign a "copyright disclaimer" for the program, if necessary. For
 more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
 */
 import express from 'express'
+import { param } from 'express-validator'
 import bodyParserImport from 'body-parser'
 import { rateLimit } from 'express-rate-limit'
 import { generateSignatureProfile, utils, generateWKDProfile, generateHKPProfile, generateAutoProfile, generateKeybaseProfile } from '../server/index.js'
@@ -60,90 +61,112 @@ if (process.env.ENABLE_EXPERIMENTAL_RATE_LIMITER) {
     { component: 'profile_rate_limiter', action: 'start' })
 }
 
-router.get('/sig', profileRateLimiter, (req, res) => {
-  res.render('profile', { isSignature: true, signature: null, meta: getMetaFromReq(req) })
-})
-
-router.post('/sig', profileRateLimiter, bodyParser, async (req, res) => {
-  const data = await generateSignatureProfile(req.body.signature)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    isSignature: true,
-    signature: req.body.signature,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    meta: getMetaFromReq(req)
+router.get('/sig',
+  profileRateLimiter,
+  (req, res) => {
+    res.render('profile', { isSignature: true, signature: null, meta: getMetaFromReq(req) })
   })
-})
 
-router.get('/wkd/:id', profileRateLimiter, async (req, res) => {
-  const data = await generateWKDProfile(req.params.id)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    meta: getMetaFromReq(req)
+router.post('/sig',
+  profileRateLimiter,
+  bodyParser,
+  async (req, res) => {
+    const data = await generateSignatureProfile(req.body.signature)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      isSignature: true,
+      signature: req.body.signature,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      meta: getMetaFromReq(req)
+    })
   })
-})
 
-router.get('/hkp/:id', profileRateLimiter, async (req, res) => {
-  const data = await generateHKPProfile(req.params.id)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    meta: getMetaFromReq(req)
+router.get('/wkd/:id',
+  profileRateLimiter,
+  param('id').escape(),
+  async (req, res) => {
+    const data = await generateWKDProfile(req.params.id)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      meta: getMetaFromReq(req)
+    })
   })
-})
 
-router.get('/hkp/:server/:id', profileRateLimiter, async (req, res) => {
-  const data = await generateHKPProfile(req.params.id, req.params.server)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    meta: getMetaFromReq(req)
+router.get('/hkp/:id',
+  profileRateLimiter,
+  param('id').escape(),
+  async (req, res) => {
+    const data = await generateHKPProfile(req.params.id)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      meta: getMetaFromReq(req)
+    })
   })
-})
 
-router.get('/keybase/:username/:fingerprint', profileRateLimiter, async (req, res) => {
-  const data = await generateKeybaseProfile(req.params.username, req.params.fingerprint)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    meta: getMetaFromReq(req)
+router.get('/hkp/:server/:id',
+  profileRateLimiter,
+  param('server').escape(),
+  param('id').escape(),
+  async (req, res) => {
+    const data = await generateHKPProfile(req.params.id, req.params.server)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      meta: getMetaFromReq(req)
+    })
   })
-})
 
-router.get('/:id', profileRateLimiter, async (req, res) => {
-  const data = await generateAutoProfile(req.params.id)
-  const theme = generateProfileTheme(data)
-  const title = utils.generatePageTitle('profile', data)
-  res.set('ariadne-identity-proof', data.identifier)
-  res.render('profile', {
-    title,
-    data: data instanceof Profile ? data.toJSON() : data,
-    enable_message_encryption: false,
-    enable_signature_verification: false,
-    theme,
-    meta: getMetaFromReq(req)
+router.get('/keybase/:username/:fingerprint',
+  profileRateLimiter,
+  param('username').escape(),
+  param('fingerprint').escape(),
+  async (req, res) => {
+    const data = await generateKeybaseProfile(req.params.username, req.params.fingerprint)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      meta: getMetaFromReq(req)
+    })
+  })
+
+router.get('/:id',
+  profileRateLimiter,
+  param('id').escape(),
+  async (req, res) => {
+    const data = await generateAutoProfile(req.params.id)
+    const theme = generateProfileTheme(data)
+    const title = utils.generatePageTitle('profile', data)
+    res.set('ariadne-identity-proof', data.identifier)
+    res.render('profile', {
+      title,
+      data: data instanceof Profile ? data.toJSON() : data,
+      enable_message_encryption: false,
+      enable_signature_verification: false,
+      theme,
+      meta: getMetaFromReq(req)
+    })
   })
-})
 
 export default router