diff --git a/app/src/protyle/render/av/cell.ts b/app/src/protyle/render/av/cell.ts
index 9cfa6dc0a..b8808b88a 100644
--- a/app/src/protyle/render/av/cell.ts
+++ b/app/src/protyle/render/av/cell.ts
@@ -30,7 +30,7 @@ const renderCellURL = (urlContent: string) => {
// 不是 url 地址
}
// https://github.com/siyuan-note/siyuan/issues/9291
- return `${host}${suffix}`;
+ return `${host}${Lute.EscapeHTMLStr(suffix)}`;
};
export const getCellText = (cellElement: HTMLElement | false) => {
@@ -660,10 +660,12 @@ export const renderCellAttr = (cellElement: Element, value: IAVCellValue) => {
export const renderCell = (cellValue: IAVCellValue, rowIndex = 0) => {
let text = "";
- if (["text", "template"].includes(cellValue.type)) {
- text = `${cellValue ? (cellValue[cellValue.type as "text"].content || "") : ""}`;
+ if ("template" === cellValue.type) {
+ text = `${cellValue ? (Lute.EscapeHTMLStr(cellValue.template.content) || "") : ""}`;
+ } else if ("text" === cellValue.type) {
+ text = `${cellValue ? (Lute.EscapeHTMLStr(cellValue.text.content) || "") : ""}`;
} else if (["email", "phone"].includes(cellValue.type)) {
- text = `${cellValue ? cellValue[cellValue.type as "email"].content : ""}`;
+ text = `${cellValue ? Lute.EscapeHTMLStr(cellValue[cellValue.type as "email"].content) : ""}`;
} else if ("url" === cellValue.type) {
text = renderCellURL(cellValue?.url?.content || "");
} else if (cellValue.type === "block") {