diff --git a/src/component/sheet.js b/src/component/sheet.js
index dac08948..2192cb74 100644
--- a/src/component/sheet.js
+++ b/src/component/sheet.js
@@ -19,6 +19,7 @@ import SortFilter from './sort_filter';
 import { xtoast } from './message';
 import { cssPrefix } from '../config';
 import { formulas } from '../core/formula';
+import {sanitizeHTML} from '../core/validator'
 /**
 * @desc throttle fn
@@ -499,6 +500,7 @@ function dataSetCellText(text, state = 'finished') {
 const { data, table } = this;
 // const [ri, ci] = selector.indexes;
 if (data.settings.mode === 'read') return;
+ text = sanitizeHTML(text)
 data.setSelectedCellText(text, state);
 const { ri, ci } = data.selector;
 if (state === 'finished') {
diff --git a/src/core/validator.js b/src/core/validator.js
index 4066b1c4..59413e5c 100644
--- a/src/core/validator.js
+++ b/src/core/validator.js
@@ -13,7 +13,11 @@ function returnMessage(flag, key, ...arg) {
 }
 return [flag, message];
 }
-
+export function sanitizeHTML(str) {
+return str.replace(/[^\w. ]/gi, function (c) {
+ return '&#' + c.charCodeAt(0) + ';';
+ });
+};
 export default class Validator {
 // operator: b|nb|eq|neq|lt|lte|gt|gte
 // type: date|number|list|phone|email
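Review bot: `text = sanitizeHTML(text)` in dataSetCellText encodes the value before it is stored, so the cell model holds `&#NN;` references instead of what the user typed. With the `[^\w. ]` pattern, `=`, `(`, `:`, `,` and every non-ASCII character are rewritten, which would likely break formula input and round-tripping of saved data if those go through this path. Any other writer to cell data (none is visible in this hunk) would bypass the encoding, leaving the rendering sink exposed. Encoding is more reliable where cell text is written into the DOM, or can be avoided with `textContent` there, so that `data.setSelectedCellText(text, state)` keeps storing the raw value. The function body continues outside the hunk.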
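Review bot: `sanitizeHTML` works on UTF-16 code units, so a character outside the BMP (an emoji, for example) is emitted as two surrogate references such as `&#55357;`, which are not valid character references and render as replacement characters. Matching by code point fixes that: `return str.replace(/[^\w. ]/gu, (c) => '&#' + c.codePointAt(0) + ';');` (the `i` flag has no effect on this character class and can be dropped). The function also throws when `str` is not a string, which a caller passing a numeric or empty cell value would hit; a `typeof str !== 'string'` guard or a documented contract would cover it. A short JSDoc saying the result is entity-encoded text for HTML text or quoted-attribute context, not sanitized markup, would keep the name from being read as a general HTML sanitizer.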