diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index df76ebd78..0789dca4e 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,4 +1,5 @@
 7.5.3
+ - prevent HTML and Macro injection in usernames
 7.5.2
 - add: Auth modules now accept a "returnUrl" form parameter when logging in
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index cad39b4ec..dcee45760 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -78,7 +78,12 @@ sub _isValidUsername {
 return 1 if($self->userId ne "1" && $self->session->user->username eq $username);
- my $i18n = WebGUI::International->new($self->session);
+ my $i18n = WebGUI::International->new($self->session);
+
+ my $filteredUsername = WebGUI::HTML::filter($username, 'all');
+ if ($username ne $filteredUsername) {
+ $error .= '
  • ' . $i18n->get('username no html') . '
  • ';
+ }
 if ($username =~ /^\s/ || $username =~ /\s$/) {
 $error .= '
  • '.$i18n->get(724).'
  • ';
@@ -889,7 +894,6 @@ Validates the a username.
 sub validUsername {
 my $self = shift;
 my $username = shift;
- WebGUI::Macro::negate(\$username);
 my $error = "";
 if ($self->_isDuplicateUsername($username)) {
diff --git a/lib/WebGUI/i18n/English/WebGUI.pm b/lib/WebGUI/i18n/English/WebGUI.pm
index 2d490dd41..f93626a9d 100644
--- a/lib/WebGUI/i18n/English/WebGUI.pm
+++ b/lib/WebGUI/i18n/English/WebGUI.pm
@@ -912,6 +912,11 @@ to add or remove users from their groups.
 lastUpdated => 1129431859
 },
+ 'username no html' => {
+ message => q|Your username cannot contain HTML or WebGUI Macros.|,
+ lastUpdated => 1203059016,
+ },
+
 '432' => {
 message => q|Expires|,
 lastUpdated => 1031514049
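Review bot: The new check in _isValidUsername rejects a username only when `WebGUI::HTML::filter($username, 'all')` changes it, while the only macro-related handling in this commit is the removal of `WebGUI::Macro::negate(\$username)` from validUsername in the -889 hunk; unless filter('all') also rewrites macro syntax, which is not visible here, a username carrying a macro now passes validation and reaches the duplicate check unchanged, even though the new 'username no html' message promises macros are rejected. I would keep an explicit macro check beside the HTML one, run on a copy since negate takes a reference and so presumably rewrites its argument in place, and fail validation if either comparison differs, as below. The removal in validUsername is then safe, because the check happens once in _isValidUsername rather than silently mutating the submitted value. _isValidUsername starts and ends outside this hunk, and validUsername's body continues past the -889 hunk.
```perl
    my $filteredUsername = WebGUI::HTML::filter($username, 'all');
    my $negatedUsername  = $username;
    WebGUI::Macro::negate(\$negatedUsername);
    if ($username ne $filteredUsername || $username ne $negatedUsername) {
        # … unchanged: append the 'username no html' error …
    }
    # … unchanged: leading/trailing whitespace check …
```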