diff --git a/myapp/models/model_etl_pipeline.py b/myapp/models/model_etl_pipeline.py
index c192d4aa..d80c7e87 100644
--- a/myapp/models/model_etl_pipeline.py
+++ b/myapp/models/model_etl_pipeline.py
@@ -38,7 +38,10 @@ def __repr__(self):
@property
def etl_pipeline_url(self):
pipeline_url="/etl_pipeline_modelview/api/web/" +str(self.id)
- return Markup(f'{self.describe}')
+ # Escape the describe field to prevent XSS
+ from wtforms.widgets.core import escape_html
+ safe_describe = escape_html(self.describe)
+ return Markup(f'{safe_describe}')
def clone(self):
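Review bot: `Markup` is already in scope on the return line, so the per-access function-scope import of `escape_html` from `wtforms.widgets.core` is unnecessary; `Markup.escape` (markupsafe) does the same job and returns a `Markup` object, and `Markup(...).format(...)` escapes every interpolated argument without a separate pre-escape step. The local `pipeline_url` is assigned but does not appear in the returned string as shown, which suggests the surrounding anchor markup was stripped in this rendering; if the return really wraps `pipeline_url` in an `<a href>`, the simplest safe form is `return Markup('<a href="{}">{}</a>').format(pipeline_url, self.describe)`, which also escapes the href value. If the anchor is not there, `pipeline_url` is dead code and should be dropped. The same pattern appears in the `model_job.py` and `model_notebook.py` hunks. The enclosing class continues outside the hunk.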
diff --git a/myapp/models/model_job.py b/myapp/models/model_job.py
index e8021a86..826adf34 100644
--- a/myapp/models/model_job.py
+++ b/myapp/models/model_job.py
@@ -196,7 +196,10 @@ def __repr__(self):
@property
def pipeline_url(self):
pipeline_url="/pipeline_modelview/api/web/" +str(self.id)
- return Markup(f'{self.describe}')
+ # Escape the describe field to prevent XSS
+ from wtforms.widgets.core import escape_html
+ safe_describe = escape_html(self.describe)
+ return Markup(f'{safe_describe}')
@property
def run_pipeline(self):
diff --git a/myapp/models/model_nni.py b/myapp/models/model_nni.py
index 18d8974b..ccdeadc2 100644
--- a/myapp/models/model_nni.py
+++ b/myapp/models/model_nni.py
@@ -87,12 +87,14 @@ def run(self):
@property
def describe_url(self):
+ from wtforms.widgets.core import escape_html
+ safe_describe = escape_html(self.describe)
expand = json.loads(self.expand) if self.expand else {}
status = expand.get('status','')
if status=='online':
- return Markup(f'{self.describe}')
+ return Markup(f'{safe_describe}')
else:
- return self.describe
+ return safe_describe
# @property
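Review bot: The `else` branch now returns the escaped value as the property's plain-string result, which changes what callers receive: if the consumer is a Jinja template with autoescaping enabled and `escape_html` returns a plain `str`, the `&`, `<` and `>` produced here will be escaped a second time (`&amp;lt;`). Only the `online` branch builds HTML, so the escaping belongs there; either keep `return self.describe` in the `else` branch and let the renderer escape it, or return a `Markup`-typed value from both branches so the caller cannot double-escape (`Markup.escape(self.describe)` returns `Markup`). The `describe_url` body continues outside the hunk.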
diff --git a/myapp/models/model_notebook.py b/myapp/models/model_notebook.py
index 980c4dc3..306c178e 100644
--- a/myapp/models/model_notebook.py
+++ b/myapp/models/model_notebook.py
@@ -83,7 +83,9 @@ def name_url(self):
else:
url = "/notebook/" + self.namespace + "/" + self.name + "/lab?#" + self.mount
# url = '/notebook/jupyter/%s/lab/tree/mnt/%s'%(self.name,self.created_by.username)
- return Markup(f'{self.name}')
+ from wtforms.widgets.core import escape_html
+ safe_name = escape_html(self.name)
+ return Markup(f'{safe_name}')
@property
def ide_type_html(self):
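Review bot: Only `self.name` is escaped here, while `url` on the line above is built by concatenating `self.namespace`, `self.name` and `self.mount` and is presumably inserted into an `href` attribute that this rendering has stripped; a quote character in any of those fields would still break out of the attribute. Use `Markup('<a href="{}">{}</a>').format(url, self.name)` so both the attribute value and the text are escaped by `Markup`, and consider `urllib.parse.quote` on the path components when `url` is built. The enclosing function starts outside the hunk.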
diff --git a/myapp/views/view_notebook.py b/myapp/views/view_notebook.py
index c4cf56a9..585f06ec 100644
--- a/myapp/views/view_notebook.py
+++ b/myapp/views/view_notebook.py
@@ -308,7 +308,10 @@ def template_str(src_str):
notebook.project = project
notebook.project_id = project.id
notebook.name = name
- notebook.describe = label
+ # notebook.describe = label
+ # TODO: 新增字段用于渲染阶段单独转义
+ from wtforms.widgets.core import escape_html
+ notebook.describe = escape_html(label)
notebook.images = images
notebook.ide_type = 'jupyter'
notebook.working_dir = ''
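Review bot: `notebook.describe = escape_html(label)` escapes at storage time rather than at render time, so the persisted value is no longer the user's input: any template that renders `describe` with autoescaping, and the model-level escaping this same commit adds elsewhere, will escape it again, and any comparison, search or API response that reads the field will see `&amp;` and `&lt;` instead of the original characters. The author's own TODO on the line above acknowledges this as a stopgap; the stable fix is to keep `notebook.describe = label` and escape only in the property or template that emits HTML, as the other hunks already do. The commented-out original line should be deleted rather than left in place. The enclosing function starts and ends outside the hunk.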