diff --git a/src/content/index.js b/src/content/index.js
index ca0d31b..97cc779 100644
--- a/src/content/index.js
+++ b/src/content/index.js
@@ -24,10 +24,7 @@ storageApi.local.get("providerUUID", (res) => {
 uuid = crypto.randomUUID();
 storageApi.local.set({ providerUUID: uuid });
 }
- window.postMessage(
- { type: "AUTISTMASK_PROVIDER_UUID", uuid },
- "*",
- );
+ window.postMessage({ type: "AUTISTMASK_PROVIDER_UUID", uuid }, "*");
 });
 // Relay requests from the page to the background script
diff --git a/src/shared/balances.js b/src/shared/balances.js
index 24f19a6..a758339 100644
--- a/src/shared/balances.js
+++ b/src/shared/balances.js
@@ -192,6 +192,10 @@ async function lookupTokenInfo(contractAddress, rpcUrl) {
 name = symbol;
 }
+ // Truncate name and symbol to prevent abuse via malicious contracts.
+ name = String(name).slice(0, 64);
+ symbol = String(symbol).slice(0, 12);
+ log.infof("Token resolved:", symbol, "decimals", Number(decimals));
 return { name, symbol, decimals: Number(decimals) };
 }
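Review bot: The truncation added in `lookupTokenInfo` caps length only, so control and format characters in a contract-supplied `name` or `symbol` (bidi overrides, zero-width characters, newlines) still reach the `log.infof` line and whatever later displays the token. Stripping them before the cut would cover that: `name = String(name).replace(/[\p{Cc}\p{Cf}]/gu, "").slice(0, 64);` and the same for `symbol` with 12. `slice` counts UTF-16 code units, so the cut can land inside a surrogate pair and leave a lone surrogate, and `String(x)` turns a missing value into the literal text "undefined" unless the code above already rules that out. The function starts outside this hunk, so how `name` and `symbol` are decoded from the contract is not visible here.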