diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21618795..f63daa70 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # 更新日志
 > 有空会补补BUG、添添新功能。
 > 同时也欢迎大家的参与!感谢各位朋友的支持! .TAT.
+
+## `v(2.0.7.3)
+
+* 主窗口增加 CSP 策略
+* Fix self-xss in database config #151 (thx @miaochiahao)
+
 ## `v(2.0.7.2)`
 * Fix #150 文件路径输入框未过滤问题
diff --git a/source/modules/database/asp/index.js b/source/modules/database/asp/index.js
index 2ea0e28a..3e321253 100644
--- a/source/modules/database/asp/index.js
+++ b/source/modules/database/asp/index.js
@@ -139,7 +139,7 @@ class ASP {
 items.push({
 id: `conn::${_}`,
 // text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
- text: conf[_]['type'].toUpperCase(),
+ text: antSword.noxss(conf[_]['type'].toUpperCase()),
 im0: this.manager.list.imgs[0],
 im1: this.manager.list.imgs[0],
 im2: this.manager.list.imgs[0]
diff --git a/source/modules/database/custom/index.js b/source/modules/database/custom/index.js
index afc1861c..fb47de1c 100644
--- a/source/modules/database/custom/index.js
+++ b/source/modules/database/custom/index.js
@@ -124,7 +124,7 @@ class CUSTOM {
 items.push({
 id: `conn::${_}`,
 // text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
- text: conf[_]['type'].toUpperCase(),
+ text: antSword.noxss(conf[_]['type'].toUpperCase()),
 im0: this.manager.list.imgs[0],
 im1: this.manager.list.imgs[0],
 im2: this.manager.list.imgs[0]
diff --git a/source/modules/database/index.js b/source/modules/database/index.js
index b6bc01cc..26690593 100644
--- a/source/modules/database/index.js
+++ b/source/modules/database/index.js
@@ -251,7 +251,7 @@ class Database {
 data_arr.push({
 id: i+1,
 data: [
- func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : item[0],
+ func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : antSword.noxss(item[0]),
 parseInt(item[1]) === 1 ? "√" : "×",
 ],
 style: parseInt(item[1]) === 1 ? "background-color:#ADF1B9": "",
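Review bot: The escaping in the `source/modules/database/asp/index.js` hunk is applied at the call site that builds each connection-list item, and the same one-line pattern is repeated in the `custom/index.js` and `php/index.js` hunks, so any other place that pushes `conf`-derived text into this list stays unescaped unless its author remembers `antSword.noxss`. Consider a small shared helper for building these items, or escaping once where `items` is handed to the list widget, so the invariant lives in one place. In the asp and custom hunks, `conf[_]['type'].toUpperCase()` still throws when a stored entry has no string `type`; `text: antSword.noxss(String(conf[_]['type'] || '').toUpperCase()),` would keep the list tolerant of a malformed config. The enclosing method starts and ends outside each hunk, so whether the `id` value built from the key `_` also reaches an HTML sink cannot be judged from here.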
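Review bot: Only the fallback branch of the ternary in the `source/modules/database/index.js` hunk is escaped; the mapped branch returns `func_mapping[item[0]]` as is, which is safe only while every value in `func_mapping` is a static literal defined in the source (its definition is outside the hunk). A comment such as `// func_mapping values are trusted constants; any other text shown in this cell must pass through antSword.noxss` would record that invariant for the next editor. Since `item[0]` presumably originates outside the application, `Object.prototype.hasOwnProperty.call(func_mapping, item[0])` is the more robust lookup form, and `parseInt(item[1], 10)` would make the radix explicit on the neighbouring lines.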
diff --git a/source/modules/database/php/index.js b/source/modules/database/php/index.js
index ea9a0897..af3825d5 100644
--- a/source/modules/database/php/index.js
+++ b/source/modules/database/php/index.js
@@ -287,7 +287,7 @@ class PHP {
 for (let _ in conf) {
 items.push({
 id: `conn::${_}`,
- text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
+ text: antSword.noxss(`${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`),
 im0: this.manager.list.imgs[0],
 im1: this.manager.list.imgs[0],
 im2: this.manager.list.imgs[0]