diff --git a/kernel/model/attribute_view_render.go b/kernel/model/attribute_view_render.go
index 5b78d21d3..93b654236 100644
--- a/kernel/model/attribute_view_render.go
+++ b/kernel/model/attribute_view_render.go
@@ -44,6 +44,11 @@ func RenderAttributeView(blockID, avID, viewID, query string, page, pageSize int
 return
 }
+ if !ast.IsNodeIDPattern(avID) {
+ err = ErrInvalidID
+ return
+ }
+
 attrView = av.NewAttributeView(avID)
 if err = av.SaveAttributeView(attrView); err != nil {
 logging.LogErrorf("save attribute view [%s] failed: %s", avID, err)
@@ -499,6 +504,11 @@ func RenderRepoSnapshotAttributeView(indexID, avID string) (viewable av.Viewable
 }
 if nil == avFile {
+ if !ast.IsNodeIDPattern(avID) {
+ err = ErrInvalidID
+ return
+ }
+
 attrView = av.NewAttributeView(avID)
 } else {
 data, readErr := repo.OpenFile(avFile)
@@ -507,6 +517,11 @@ func RenderRepoSnapshotAttributeView(indexID, avID string) (viewable av.Viewable
 return
 }
+ if !ast.IsNodeIDPattern(avID) {
+ err = ErrInvalidID
+ return
+ }
+
 attrView = av.NewAttributeView(avID)
 if err = gulu.JSON.UnmarshalJSON(data, attrView); err != nil {
 logging.LogErrorf("unmarshal attribute view [%s] failed: %s", avID, err)
@@ -544,6 +559,11 @@ func RenderHistoryAttributeView(blockID, avID, viewID, query string, page, pageS
 }
 if !gulu.File.IsExist(avJSONPath) {
 logging.LogWarnf("attribute view [%s] not found in current data", avID)
+ if !ast.IsNodeIDPattern(avID) {
+ err = ErrInvalidID
+ return
+ }
+
 attrView = av.NewAttributeView(avID)
 } else {
 data, readErr := os.ReadFile(avJSONPath)
@@ -552,6 +572,11 @@ func RenderHistoryAttributeView(blockID, avID, viewID, query string, page, pageS
 return
 }
+ if !ast.IsNodeIDPattern(avID) {
+ err = ErrInvalidID
+ return
+ }
+
 attrView = av.NewAttributeView(avID)
 if err = gulu.JSON.UnmarshalJSON(data, attrView); err != nil {
 logging.LogErrorf("unmarshal attribute view [%s] failed: %s", avID, err)
diff --git a/kernel/model/tree.go b/kernel/model/tree.go
index 96ff5989e..ba18dd159 100644
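Review bot: In RenderHistoryAttributeView the new `ast.IsNodeIDPattern(avID)` check runs only after `gulu.File.IsExist(avJSONPath)` and, in the else branch, after `os.ReadFile(avJSONPath)` has already returned data. If avJSONPath is built from avID (its construction is outside the hunk, so this needs confirming), an ill-formed ID still reaches the filesystem and the `LogWarnf` line before it is rejected. The same late placement applies to the two checks in RenderRepoSnapshotAttributeView, where the second one follows `repo.OpenFile(avFile)`. Validating once at the top of each function, `if !ast.IsNodeIDPattern(avID) { err = ErrInvalidID; return }`, would reject the ID before any lookup, read or log call uses it and would remove the duplicated guard from both branches. Both function bodies start and end outside the hunks shown.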
--- a/kernel/model/tree.go
+++ b/kernel/model/tree.go
@@ -182,6 +182,7 @@ var (
 ErrTreeNotFound = errors.New("tree not found")
 ErrIndexing = errors.New("indexing")
 ErrBoxUnindexed = errors.New("notebook unindexed")
+ ErrInvalidID = errors.New("invalid id")
 )
 func LoadTreeByBlockIDWithReindex(id string) (ret *parse.Tree, err error) {