diff --git a/kernel/api/block.go b/kernel/api/block.go
index c8d31d55f..25097d68d 100644
--- a/kernel/api/block.go
+++ b/kernel/api/block.go
@@ -629,7 +629,7 @@ func getBlockInfo(c *gin.Context) {
 icon := root.IAL["icon"]
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 }
 ret.Data = map[string]string{
 "box": block.Box,
diff --git a/kernel/api/setting.go b/kernel/api/setting.go
index 14a015a19..56d642cd4 100644
--- a/kernel/api/setting.go
+++ b/kernel/api/setting.go
@@ -657,7 +657,7 @@ func setEmoji(c *gin.Context) {
 e := ae.(string)
 if strings.Contains(e, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- e = util.FilterUploadFileName(e)
+ e = util.FilterUploadEmojiFileName(e)
 }
 emoji = append(emoji, e)
 }
diff --git a/kernel/api/system.go b/kernel/api/system.go
index 5c6986f4f..71cade88a 100644
--- a/kernel/api/system.go
+++ b/kernel/api/system.go
@@ -173,7 +173,7 @@ func getEmojiConf(c *gin.Context) {
 if !util.IsValidUploadFileName(html.UnescapeString(name)) {
 emojiFullName := filepath.Join(customConfDir, name)
- name = util.FilterUploadFileName(name)
+ name = util.FilterUploadEmojiFileName(name)
 fullPathFilteredName := filepath.Join(customConfDir, name)
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
 logging.LogWarnf("renaming invalid custom emoji file [%s] to [%s]", name, fullPathFilteredName)
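Review bot: After the replaced line the sanitized `icon` may still contain `/` (and therefore dot-only segments such as `../x.png`), because `FilterUploadEmojiFileName` hides each `/` behind an `_@slash@_` sentinel before calling `FilterUploadFileName` and restores it afterwards; nothing in this diff shows that `FilterUploadFileName` strips `..` runs or leaves the sentinel's `@` and `_` intact, so that contract should be confirmed and pinned with a small test (`a/b.png` round-trips unchanged, `../b.png` does not). The line is still annotated only with `// XSS through emoji name …`; I would extend that comment so the next reader understands why a separator-preserving filter is used here: `// custom emoji are referenced as <dir>/<file>, so keep "/" and strip the rest` (the dir/file layout is inferred from the `filepath.Join(customConfDir, name, subName)` in kernel/api/system.go, not shown in this hunk). The same applies to the setEmoji, GetDocInfo (both hunks), ListNotebooks, GetConf, SetBoxIcon, InitConf and docFromFileInfo hunks, which all make the identical substitution. getBlockInfo begins and ends outside this hunk.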
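Review bot: The validity check on the first context line still goes through `util.IsValidUploadFileName`, which the kernel/util/file.go hunk defines as `name == FilterUploadFileName(name)`, while the replacement name two lines below now comes from `FilterUploadEmojiFileName`; the two results only coincide when the `_@slash@_` sentinel does not occur in the filtered name, so a directory entry that happens to contain that literal would get a `/` re-inserted, `fullPathFilteredName` would point into a subdirectory that may not exist, and the renamed file could fail the same check again on the next load. If `name` is an entry read from `customConfDir` (as the Join suggests) it cannot contain `/`, and the original `name = util.FilterUploadFileName(name)` remains the right call at this site; if the emoji helper is kept, filtering `strings.Split(name, "/")` segment by segment and rejoining would remove the forgeable sentinel altogether. The same pattern appears in the `@@ -202` hunk of this file (`subName`) and in the ImportSY and ImportData hunks of kernel/model/import.go. Separately, the warning on the last line formats `name` after it has been overwritten, so the original invalid name never reaches the log — pre-existing, but `emojiFullName` would be the value to print. getEmojiConf continues outside the hunk.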
@@ -202,7 +202,7 @@ func getEmojiConf(c *gin.Context) {
 if !util.IsValidUploadFileName(html.UnescapeString(subName)) {
 emojiFullName := filepath.Join(customConfDir, name, subName)
- fullPathFilteredName := filepath.Join(customConfDir, name, util.FilterUploadFileName(subName))
+ fullPathFilteredName := filepath.Join(customConfDir, name, util.FilterUploadEmojiFileName(subName))
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
 logging.LogWarnf("renaming invalid custom emoji file [%s] to [%s]", subName, fullPathFilteredName)
 if removeErr := filelock.Rename(emojiFullName, fullPathFilteredName); nil != removeErr {
diff --git a/kernel/model/blockinfo.go b/kernel/model/blockinfo.go
index f591ce734..7e17350ea 100644
--- a/kernel/model/blockinfo.go
+++ b/kernel/model/blockinfo.go
@@ -68,7 +68,7 @@ func GetDocInfo(blockID string) (ret *BlockInfo) {
 icon := ret.IAL["icon"]
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 ret.IAL["icon"] = icon
 }
@@ -141,7 +141,7 @@ func GetDocInfo(blockID string) (ret *BlockInfo) {
 icon = tree.Root.IALAttr("icon")
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 }
 ret.Icon = icon
 return
diff --git a/kernel/model/box.go b/kernel/model/box.go
index 2fc64d4e9..a1b658692 100644
--- a/kernel/model/box.go
+++ b/kernel/model/box.go
@@ -130,7 +130,7 @@ func ListNotebooks() (ret []*Box, err error) {
 icon := boxConf.Icon
 if strings.Contains(icon, ".") { // 说明是自定义图标
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 }
 box := &Box{
@@ -200,7 +200,7 @@ func (box *Box) GetConf() (ret *conf.BoxConf) {
 icon := ret.Icon
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 ret.Icon = icon
 }
 return
@@ -708,7 +708,7 @@ func ChangeBoxSort(boxIDs []string) {
 func SetBoxIcon(boxID, icon string) {
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 }
 box := &Box{ID: boxID}
diff --git a/kernel/model/conf.go b/kernel/model/conf.go
index 8734b832d..d224fc01d 100644
--- a/kernel/model/conf.go
+++ b/kernel/model/conf.go
@@ -234,7 +234,7 @@ func InitConf() {
 for i, emoji := range Conf.Editor.Emoji {
 if strings.Contains(emoji, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- emoji = util.FilterUploadFileName(emoji)
+ emoji = util.FilterUploadEmojiFileName(emoji)
 Conf.Editor.Emoji[i] = emoji
 }
 }
diff --git a/kernel/model/file.go b/kernel/model/file.go
index 3ad04ee94..98bef0b13 100644
--- a/kernel/model/file.go
+++ b/kernel/model/file.go
@@ -83,7 +83,7 @@ func (box *Box) docFromFileInfo(fileInfo *FileInfo, ial map[string]string) (ret
 icon := ial["icon"]
 if strings.Contains(icon, ".") {
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
- icon = util.FilterUploadFileName(icon)
+ icon = util.FilterUploadEmojiFileName(icon)
 }
 ret.Icon = icon
 ret.ID = ial["id"]
diff --git a/kernel/model/import.go b/kernel/model/import.go
index b40376cba..d2b0b3f46 100644
--- a/kernel/model/import.go
+++ b/kernel/model/import.go
@@ -583,7 +583,7 @@ func ImportSY(zipPath, boxID, toPath string) (err error) {
 }
 if !util.IsValidUploadFileName(d.Name()) {
 emojiFullName := path
- fullPathFilteredName := filepath.Join(filepath.Dir(path), util.FilterUploadFileName(d.Name()))
+ fullPathFilteredName := filepath.Join(filepath.Dir(path), util.FilterUploadEmojiFileName(d.Name()))
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
 logging.LogWarnf("renaming invalid custom emoji file [%s] to [%s]", d.Name(), fullPathFilteredName)
 if removeErr := filelock.Rename(emojiFullName, fullPathFilteredName); nil != removeErr {
@@ -732,7 +732,7 @@ func ImportData(zipPath string) (err error) {
 }
 if !util.IsValidUploadFileName(d.Name()) {
 emojiFullName := path
- fullPathFilteredName := filepath.Join(filepath.Dir(path), util.FilterUploadFileName(d.Name()))
+ fullPathFilteredName := filepath.Join(filepath.Dir(path), util.FilterUploadEmojiFileName(d.Name()))
 // XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
 logging.LogWarnf("renaming invalid custom emoji file [%s] to [%s]", d.Name(), fullPathFilteredName)
 if removeErr := filelock.Rename(emojiFullName, fullPathFilteredName); nil != removeErr {
diff --git a/kernel/util/file.go b/kernel/util/file.go
index 92fe70765..0cf1b74c7 100644
--- a/kernel/util/file.go
+++ b/kernel/util/file.go
@@ -188,6 +188,13 @@ func IsValidUploadFileName(name string) bool {
 return name == FilterUploadFileName(name)
 }
+func FilterUploadEmojiFileName(name string) string {
+ name = strings.ReplaceAll(name, "/", "_@slash@_")
+ name = FilterUploadFileName(name)
+ name = strings.ReplaceAll(name, "_@slash@_", "/")
+ return name
+}
+
 func FilterUploadFileName(name string) string {
 ret := FilterFileName(name)