diff --git a/kernel/api/icon.go b/kernel/api/icon.go
index c0d56123d..f6f629ebc 100644
--- a/kernel/api/icon.go
+++ b/kernel/api/icon.go
@@ -164,6 +164,10 @@ func getDynamicIcon(c *gin.Context) {
 svg = generateTypeOneSVG(color, lang, dateInfo)
 }
 
+ if !model.Conf.Editor.AllowSVGScript {
+ svg = util.RemoveScriptsInSVG(svg)
+ }
+
 c.Header("Content-Type", "image/svg+xml")
 c.Header("Cache-Control", "no-cache")
 c.Header("Pragma", "no-cache")
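Review bot: The script stripping is skipped whenever `model.Conf.Editor.AllowSVGScript` is set, so enabling that editor option leaves this endpoint unfiltered again, even though an icon built by calls such as `generateTypeOneSVG(color, lang, dateInfo)` has no evident need for script content. If `color`, `lang` or the date fields come from the request (likely for a `*gin.Context` handler, but their assignments are outside this hunk), I would call `svg = util.RemoveScriptsInSVG(svg)` unconditionally and also escape or strictly validate those values where they are interpolated into the markup, so the filter is a second layer rather than the only one. As defence in depth, add `c.Header("Content-Security-Policy", "script-src 'none'")` and `c.Header("X-Content-Type-Options", "nosniff")` next to the existing headers, so a filter miss does not execute when the image is opened directly. getDynamicIcon's body begins and ends outside the hunk.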