diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 3963be41..8e1cd827 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -577,6 +577,7 @@ class Backend extends Controller
                     $result = array_intersect_key(($item instanceof Model ? $item->toArray() : (array)$item), array_flip($fields));
                 }
                 $result['pid'] = isset($item['pid']) ? $item['pid'] : (isset($item['parent_id']) ? $item['parent_id'] : 0);
+                $result = array_map("htmlentities", $result);
                 $list[] = $result;
             }
             if ($istree && !$primaryvalue) {