diff --git a/src/index.js b/src/index.js
index 0569062..692bd72 100644
--- a/src/index.js
+++ b/src/index.js
@@ -24,7 +24,7 @@ app.get('/api/qrcode', async (req, res) => {
     function check (name, rgxp) {
         if (!req.query[name]) errors.push(`${name} is required`)
         else {
-            req.query[name] = String(req.query[name]).trim()
+            req.query[name] = decodeURIComponent(String(req.query[name])).trim()
             if (!String(req.query[name]).match(rgxp)) {
                 errors.push(`${name} does not match the required format`)
             }
@@ -35,7 +35,7 @@ app.get('/api/qrcode', async (req, res) => {
     check('client_address', /^[a-zA-Z0-9ČŠŽĐ](?:[A-Z0-9 ČŠŽĐ]{0,31}[A-Z0-9ČŠŽĐ])?$/i)
     check('client_city', /^[a-zA-Z0-9ČŠŽĐ](?:[A-Z0-9 ČŠŽĐ]{0,31}[A-Z0-9ČŠŽĐ])?$/i)
     check('amount', /^(?=.{11}$)[0]{1,11}[0-9]{0,11}$/)
-    check('payment_purpose', /^[A-Z0-9ČŠŽĐ](?:[A-Z0-9 ČŠŽĐ\-:;_'"]{0,40}[A-Z0-9ČŠŽĐ])?$/i)
+    check('payment_purpose', /^.{1,42}$/i)
     check('iban', /^[A-Z]{2}\d{17}$/)
     check('reference', /^[A-Z]{2}[0-9\-]{1,24}$/)
     check('issuer_name', /^[a-zA-Z0-9ČŠŽĐ'](?:[A-Z0-9 ČŠŽĐ']{0,31}[A-Z0-9ČŠŽĐ'])?$/i)
diff --git a/src/views/index.ejs b/src/views/index.ejs
index 166ac65..76306a6 100644
--- a/src/views/index.ejs
+++ b/src/views/index.ejs
@@ -102,7 +102,7 @@ section div {
         </div>
     </section>
 <script>
-function val (name) { return document.getElementsByName(name)?.[0]?.value || "" }
+function val (name) { return encodeURIComponent(document.getElementsByName(name)?.[0]?.value) || "" }
 function getNewUrl () {
     const qstring = [
         ["client_name", val("client-name")],
@@ -117,7 +117,7 @@ function getNewUrl () {
         ["issuer_address", val("issuer-address")],
         ["issuer_city", val("issuer-city")],
     ].map(v => `${v[0]}=${v[1]}`).join("&")
-    return `${window.location.origin}/api/qrcode?${qstring}`
+    return encodeURI(`${window.location.origin}/api/qrcode?${qstring}`)
 }
 const copyBtn = document.getElementById("copyurl")
 copyBtn.addEventListener("click", () => copyUrl())
@@ -136,7 +136,6 @@ function copyUrl () {
             copyBtn.innerText = "Copy image URL"
             copyBtn.classList.remove("success")
         }, 750)
-
     } catch (error) {
         console.error(error)
         copyBtn.innerText = "Failed!"
@@ -145,7 +144,6 @@ function copyUrl () {
             copyBtn.innerText = "Copy image URL"
             copyBtn.classList.remove("error")
         }, 750)
-
     }
 }
 </script>