diff --git a/src/api/middlewares/validation.js b/src/api/middlewares/validation.js
index dbfd227..3ec9b61 100644
--- a/src/api/middlewares/validation.js
+++ b/src/api/middlewares/validation.js
@@ -28,11 +28,16 @@ const apiKeySchema = z.object({
 // Fonction de sanitization
 function sanitizeInput (input) {
 if (typeof input === 'string') {
- return input .trim() .replace(/[<>]/g, '') // Supprimer les balises HTML basiques .replace(/javascript:/gi, '') // Supprimer les protocoles dangereux .replace(/on\w+=/gi, ''); // Supprimer les événements JavaScript
+ let sanitized = input.trim();
+ let previous;
+ do {
+ previous = sanitized;
+ sanitized = sanitized .replace(/[<>]/g, '') // Supprimer les balises HTML basiques .replace(/javascript:/gi, '') // Supprimer les protocoles dangereux .replace(/on\w+=/gi, ''); // Supprimer les événements JavaScript
+ } while (sanitized !== previous);
+ return sanitized;
 }
 return input;
 }
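Review bot: The fixed-point loop in sanitizeInput closes the `jajavascript:vascript:` recombination gap, but the function is still a pattern denylist and must not be treated as the XSS boundary: it leaves `data:`/`vbscript:` URLs, entity-encoded `&lt;` and attribute injection without an `on*=` handler untouched, while it mangles legitimate text such as `a > b` or any token matching `on\w+=` (e.g. `season_id=`). I would say so at the top of the function with `// NOTE: best-effort denylist only — output must still be context-encoded (or run through a real HTML sanitizer) at render time`. Because every replacement only deletes characters the loop always terminates, but an input made of nested `javascript:` fragments needs roughly one pass per nesting level, so the worst case looks quadratic in the input length; checking the string length before entering the loop would cap that if request bodies are not already size-limited upstream.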