diff --git a/app/Api/v1/Controllers/IconController.php b/app/Api/v1/Controllers/IconController.php index 68437b4b..d4acfc71 100644 --- a/app/Api/v1/Controllers/IconController.php +++ b/app/Api/v1/Controllers/IconController.php @@ -2,6 +2,7 @@ namespace App\Api\v1\Controllers; +use App\Api\v1\Requests\IconFetchRequest; use App\Http\Controllers\Controller; use App\Models\TwoFAccount; use App\Services\LogoService; @@ -34,13 +35,11 @@ public function upload(Request $request) * * @return \Illuminate\Http\JsonResponse */ - public function fetch(Request $request, LogoService $logoService) + public function fetch(IconFetchRequest $request, LogoService $logoService) { - $this->validate($request, [ - 'service' => 'string|regex:/^[^:]+$/i', - ]); + $validated = $request->validated(); - $icon = $logoService->getIcon($request->service); + $icon = $logoService->getIcon($validated['service']); return $icon ? response()->json(['filename' => $icon], 201) diff --git a/app/Api/v1/Requests/GroupStoreRequest.php b/app/Api/v1/Requests/GroupStoreRequest.php index 13a6f690..52147dce 100644 --- a/app/Api/v1/Requests/GroupStoreRequest.php +++ b/app/Api/v1/Requests/GroupStoreRequest.php @@ -28,7 +28,7 @@ public function rules() return [ 'name' => [ 'required', - 'string', + 'alpha_dash', 'max:32', Rule::unique('groups')->where(fn ($query) => $query->where('user_id', $this->user()->id)), ], diff --git a/app/Api/v1/Requests/IconFetchRequest.php b/app/Api/v1/Requests/IconFetchRequest.php new file mode 100644 index 00000000..fb12ec63 --- /dev/null +++ b/app/Api/v1/Requests/IconFetchRequest.php @@ -0,0 +1,45 @@ + 'string|regex:/^[^:]+$/i', + ]; + } + + /** + * Prepare the data for validation. + * + * @codeCoverageIgnore + * + * @return void + */ + protected function prepareForValidation() + { + $this->merge([ + 'service' => strip_tags($this->service), + ]); + } +} diff --git a/resources/js/mixins.js b/resources/js/mixins.js index 570ab6e1..e6ca1ad5 100644 --- a/resources/js/mixins.js 
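Review bot: Swapping `'string'` for `'alpha_dash'` in the `name` rules removes the explicit type check and also narrows what a group may be called. As far as I recall, Laravel's `alpha_dash` accepts numeric values as well as strings, so a JSON body with a numeric `name` would now pass; keeping both rules (`'string', 'alpha_dash',`) preserves the type guarantee. The rule also rejects spaces and punctuation, so names that were valid before this commit can no longer be created, which deserves a line in the changelog. If the goal is to stop markup in group names, restricting input is only defence in depth, and the places that render the name still need to escape it. `rules()` begins outside this hunk.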
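Review bot: `prepareForValidation()` passes `$this->service` to `strip_tags()` before the `string` rule has run, so a non-string value reaches it unchecked. On PHP 8 an array-valued `service` should raise a TypeError and return a 500 instead of a 422, and a missing `service` passes null. Guard the call, e.g. `if (is_string($this->service)) { $this->merge(['service' => strip_tags($this->service)]); }`. Then make the rule `'required|string|regex:/^[^:]+$/i'`, because the controller reads `$validated['service']` unconditionally. `strip_tags()` plus a no-colon regex does not constrain path or URL characters; whether that matters depends on how `LogoService::getIcon()` uses the value, which this diff does not show. The class header and the start of `rules()` are missing from this page, so this is based on the visible lines only.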
+++ b/resources/js/mixins.js @@ -126,6 +126,10 @@ Vue.mixin({ this.setTheme(this.$root.userPreferences.theme) }, + + strip_tags (str) { + return str.replace(/(<([^> ]+)>)/ig, "") + } } }) \ No newline at end of file diff --git a/resources/js/views/twofaccounts/Create.vue b/resources/js/views/twofaccounts/Create.vue index 85321957..0827648e 100644 --- a/resources/js/views/twofaccounts/Create.vue +++ b/resources/js/views/twofaccounts/Create.vue @@ -149,7 +149,7 @@
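Review bot: The new `strip_tags` mixin method is not safe to rely on as a sanitizer, because `[^> ]+` excludes spaces. Any tag that carries attributes is therefore never matched and passes through unchanged, and the single pass is not re-run on its own output. It also throws if `str` is not a string. If the result is only ever rendered through escaped interpolation such as `{{ uri }}`, the escaping is the real control and the helper is cosmetic. If it feeds `v-html` or an attribute anywhere, use a parser-based strip such as `return new DOMParser().parseFromString(String(str ?? ''), 'text/html').body.textContent || ''`, or drop `v-html` at that call site. A comment on the method such as `// display helper only, not an XSS control` would stop later callers from over-trusting it. The enclosing `Vue.mixin` block starts outside this hunk.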
{{ $t('errors.data_of_qrcode_is_not_valid_URI') }}
-
+
{{ uri }}