diff --git a/kernel/sql/av.go b/kernel/sql/av.go
index 76850beb2..fc6d095c9 100644
--- a/kernel/sql/av.go
+++ b/kernel/sql/av.go
@@ -111,7 +111,7 @@ func renderView(attrView *av.AttributeView, view *av.View, query string, depth *
 return
 }
 
-func RenderTemplateField(ial map[string]string, keyValues []*av.KeyValues, tplContent string) (ret string, err error) {
+func renderTemplateField(ial map[string]string, keyValues []*av.KeyValues, tplContent string) (ret string, err error) {
 if "" == ial["id"] {
 block := getBlockValue(keyValues)
 if nil != block {
@@ -267,6 +267,11 @@ func RenderTemplateField(ial map[string]string, keyValues []*av.KeyValues, tplCo
 ret = buf.String()
 if ret == "" {
 ret = ""
+ return
+ }
+
+ if util.HasUnclosedHtmlTag(ret) {
+ ret = util.EscapeHTML(ret)
 }
 return
 }
@@ -623,7 +628,7 @@ func fillAttributeViewTemplateValues(attrView *av.AttributeView, view *av.View,
 ial = map[string]string{}
 }
 
-content, renderErr := RenderTemplateField(ial, keyValues, value.Template.Content)
+content, renderErr := renderTemplateField(ial, keyValues, value.Template.Content)
 if nil != renderErr {
 key, _ := attrView.GetKey(value.KeyID)
 keyName := ""
diff --git a/kernel/util/misc.go b/kernel/util/misc.go
index 870633ac5..f14d4dea4 100644
--- a/kernel/util/misc.go
+++ b/kernel/util/misc.go
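Review bot: The new `util.HasUnclosedHtmlTag` guard in the second hunk (around line 267 of `renderTemplateField`) escapes the rendered output only when its tags are unbalanced, so balanced markup — a complete script element, an element carrying an event-handler attribute, and any `<img …>` since `img` is skipped as self-closing — still passes through unescaped; if template content or the values it interpolates can come from an untrusted source, this is a markup-repair step, not sanitization, and nothing in the hunk says which of the two the caller relies on. A one-line comment above the check would keep the next reader from assuming otherwise: `// Escape only when tags are unbalanced, presumably so an unterminated tag cannot corrupt the surrounding markup; this is not an XSS sanitizer.` Whether the front end sanitizes rendered values before display is not visible here, so that claim is left hedged. The enclosing function starts and ends outside the hunk; the first and third hunks are the matching rename and need nothing.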
@@ -100,6 +100,31 @@ func UnescapeHTML(s string) (ret string) {
 return
 }
 
+func HasUnclosedHtmlTag(htmlStr string) bool {
+ tagRe := regexp.MustCompile(`<(/?)([a-zA-Z0-9]+)[^>]*?>`)
+ selfClosing := map[string]bool{
+ "br": true, "img": true, "hr": true, "input": true, "meta": true, "link": true,
+ }
+ stack := []string{}
+ matches := tagRe.FindAllStringSubmatch(htmlStr, -1)
+ for _, m := range matches {
+ isClose := m[1] == "/"
+ tag := strings.ToLower(m[2])
+ if selfClosing[tag] {
+ continue
+ }
+ if !isClose {
+ stack = append(stack, tag)
+ } else {
+ if len(stack) == 0 || stack[len(stack)-1] != tag {
+ return true // 闭合标签不匹配
+ }
+ stack = stack[:len(stack)-1]
+ }
+ }
+ return len(stack) != 0
+}
+
 func Reverse(s string) string {
 runes := []rune(s)
 for i, j := 0, len(runes)-1; i < j; i, j = i+1, j-1 {
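Review bot: `regexp.MustCompile` runs on every call of `HasUnclosedHtmlTag` and the `selfClosing` map is rebuilt each time, yet the caller in `renderTemplateField` invokes this once per rendered template value; both belong in package-level vars compiled once, per the usual Go convention. The void-element set is also incomplete — `area`, `base`, `col`, `embed`, `param`, `source`, `track` and `wbr` are missing, so output containing e.g. `<wbr>` is reported as unclosed and escaped wholesale, while an XHTML-style `<div/>` is pushed as an open tag and never popped. A hyphenated tag name (custom elements) is truncated at the hyphen by `[a-zA-Z0-9]+`; open and close still pair consistently, but that deserves a comment, as does the fact that a `>` inside an attribute value ends the match early. On style, Go's initialism convention would name this `HasUnclosedHTMLTag`, `var stack []string` is the idiomatic empty slice, and the comment `// 闭合标签不匹配` should be in English (`// closing tag does not match the innermost open tag`).
```go
// unclosedTagRe matches an opening or closing tag; group 1 is the optional "/", group 2 the tag name.
// Note: the name stops at a hyphen, and a ">" inside an attribute value ends the match early.
var unclosedTagRe = regexp.MustCompile(`<(/?)([a-zA-Z0-9]+)[^>]*?>`)

// voidElements are the HTML elements that never take a closing tag.
var voidElements = map[string]bool{
	"area": true, "base": true, "br": true, "col": true, "embed": true, "hr": true, "img": true,
	"input": true, "link": true, "meta": true, "param": true, "source": true, "track": true, "wbr": true,
}

// HasUnclosedHtmlTag reports whether htmlStr has an open tag without a matching close,
// or a close tag that does not match the innermost open tag. It is a well-formedness check,
// not a sanitizer: balanced markup of any kind returns false.
func HasUnclosedHtmlTag(htmlStr string) bool {
	var stack []string
	for _, m := range unclosedTagRe.FindAllStringSubmatch(htmlStr, -1) {
		tag := strings.ToLower(m[2])
		// Void elements and explicit "<x/>" forms never need a closing tag.
		if voidElements[tag] || strings.HasSuffix(m[0], "/>") {
			continue
		}
		// … unchanged: push on open; on close, return true if the stack is empty or the top differs, else pop …
	}
	return len(stack) != 0
}
```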