diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 51bf20e0..acd65ec1 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -93,7 +93,7 @@ class Api
 protected function _initialize()
 {
 //移除HTML标签
- $this->request->filter('strip_tags');
+ $this->request->filter('trim,strip_tags,htmlspecialchars');
 $this->auth = Auth::instance();
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index 99250803..a661b3ef 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -42,7 +42,7 @@ class Frontend extends Controller
 public function _initialize()
 {
 //移除HTML标签
- $this->request->filter('strip_tags');
+ $this->request->filter('trim,strip_tags,htmlspecialchars');
 $modulename = $this->request->module();
 $controllername = Loader::parseName($this->request->controller());
 $actionname = strtolower($this->request->action());
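Review bot: The added `htmlspecialchars` in `$this->request->filter('trim,strip_tags,htmlspecialchars')` encodes every request parameter at input time instead of at the point of output, in Api.php's `_initialize()` and identically in Frontend.php's. Passwords, tokens and search strings containing `&`, `"` or surrounding whitespace are now altered before they are compared or stored, and API clients will get entity-encoded text back in JSON, with double encoding wherever a template also escapes. If the framework calls each filter with the value as its only argument (that code is not in this diff), the default flags apply, which leave single quotes unencoded on PHP versions before 8.1, so single-quoted attribute contexts are not covered. Output escaping per context is still required, and the comment above the line still says only that HTML tags are removed; I would change it to something like `// Global input filter (defence in depth): trim, strip tags, HTML-encode; output must still be escaped per context`. Both `_initialize()` bodies continue outside the hunks.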