diff --git a/kernel/api/template.go b/kernel/api/template.go
index 69f2db4722d..82e7d504a56 100644
--- a/kernel/api/template.go
+++ b/kernel/api/template.go
@@ -80,6 +80,12 @@ func renderTemplate(c *gin.Context) {
 return
 }
+ if !util.IsAbsPathInWorkspace(p) {
+ ret.Code = -1
+ ret.Msg = "Path [" + p + "] is not in workspace"
+ return
+ }
+
 preview := false
 if previewArg := arg["preview"]; nil != previewArg {
 preview = previewArg.(bool)
diff --git a/kernel/model/export.go b/kernel/model/export.go
index 88a62de433a..b844b08bfc0 100644
--- a/kernel/model/export.go
+++ b/kernel/model/export.go
@@ -532,7 +532,13 @@ func ExportResources(resourcePaths []string, mainName string) (exportFilePath st
 // 将需要导出的文件/文件夹复制到临时文件夹
 for _, resourcePath := range resourcePaths {
- resourceFullPath := filepath.Join(util.WorkspaceDir, resourcePath) // 资源完整路径
+ resourceFullPath := filepath.Join(util.WorkspaceDir, resourcePath) // 资源完整路径
+ if !util.IsAbsPathInWorkspace(resourceFullPath) {
+ logging.LogErrorf("resource path [%s] is not in workspace", resourceFullPath)
+ err = errors.New("resource path [" + resourcePath + "] is not in workspace")
+ return
+ }
+
 resourceBaseName := filepath.Base(resourceFullPath) // 资源名称
 resourceCopyPath := filepath.Join(exportFolderPath, resourceBaseName) // 资源副本完整路径
 if err = filelock.Copy(resourceFullPath, resourceCopyPath); err != nil {
diff --git a/kernel/model/upload.go b/kernel/model/upload.go
index c21a4aa8dfe..04fcd83c2f2 100644
--- a/kernel/model/upload.go
+++ b/kernel/model/upload.go
@@ -132,6 +132,11 @@ func Upload(c *gin.Context) {
 if nil != form.Value["assetsDirPath"] {
 relAssetsDirPath = form.Value["assetsDirPath"][0]
 assetsDirPath = filepath.Join(util.DataDir, relAssetsDirPath)
+ if !util.IsAbsPathInWorkspace(assetsDirPath) {
+ ret.Code = -1
+ ret.Msg = "Path [" + assetsDirPath + "] is not in workspace"
+ return
+ }
 }
 if !gulu.File.IsExist(assetsDirPath) {
 if err = os.MkdirAll(assetsDirPath, 0755); err != nil {
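Review bot: The rejection added in renderTemplate is silent on the server side, whereas the matching check in the kernel/model/export.go hunk logs the offending path before returning; a rejected path is exactly the event an operator wants to see, so log it here too, e.g. `logging.LogErrorf("template path [%s] is not in workspace", p)` ahead of `ret.Code = -1` (the same applies to the upload.go hunk, and the logging import may need adding in this file). Whether `p` has been cleaned or made absolute before this point is outside the hunk, so the strength of the check rests on how IsSubPath treats relative and `..` components — worth confirming, or cleaning `p` first. renderTemplate starts and ends outside the hunk.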
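Review bot: The error built with string concatenation in the new block of ExportResources diverges from the format the log line beside it uses; `err = fmt.Errorf("resource path [%s] is not in workspace", resourcePath)` keeps the two messages aligned and avoids the manual concatenation. Returning from inside the loop leaves whatever earlier iterations already copied into exportFolderPath; whether that temporary folder is removed on the error path is outside the hunk and worth checking. The removed and re-added resourceFullPath line is textually identical, so that part of the hunk appears to be a whitespace-only change. ExportResources continues outside the hunk.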
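Review bot: The boundary checked in Upload is util.WorkspaceDir, a wider root than the util.DataDir that assetsDirPath was just joined onto, so a relative assetsDirPath that stays inside the workspace but leaves the data directory passes the check and is then created by the os.MkdirAll that follows; if uploads are presumably meant to stay under the data directory, compare against that root instead, e.g. `if !util.IsSubPath(util.DataDir, assetsDirPath) {`. util.IsSubPath is the exported helper the kernel/util/path.go hunk of this diff builds on. Upload starts and ends outside the hunk.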
diff --git a/kernel/treenode/template.go b/kernel/treenode/template.go
index 84561fc6106..0472a42f659 100644
--- a/kernel/treenode/template.go
+++ b/kernel/treenode/template.go
@@ -31,6 +31,12 @@ import (
 func BuiltInTemplateFuncs() (ret template.FuncMap) {
 ret = sprig.TxtFuncMap()
+
+ // 因为安全原因移除一些函数 https://github.com/siyuan-note/siyuan/issues/13426
+ delete(ret, "env")
+ delete(ret, "expandenv")
+ delete(ret, "getHostByName")
+
 ret["Weekday"] = util.Weekday
 ret["WeekdayCN"] = util.WeekdayCN
 ret["WeekdayCN2"] = util.WeekdayCN2
diff --git a/kernel/util/path.go b/kernel/util/path.go
index a9617da8457..ed562a514d5 100644
--- a/kernel/util/path.go
+++ b/kernel/util/path.go
@@ -302,3 +302,7 @@ func GetAbsPathInWorkspace(relPath string) (string, error) {
 }
 return "", os.ErrPermission
 }
+
+func IsAbsPathInWorkspace(absPath string) bool {
+ return IsSubPath(WorkspaceDir, absPath)
+}
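Review bot: The three delete calls in BuiltInTemplateFuncs carry only a Chinese comment, and nothing guards against a future sprig upgrade or a later `ret[...]` assignment reintroducing the same names; replace the comment with `// Drop sprig helpers that read the host environment or resolve host names; see siyuan issue 13426.` and add a test asserting that the map returned by `BuiltInTemplateFuncs()` has no entry for "env", "expandenv" or "getHostByName". BuiltInTemplateFuncs continues past the hunk.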
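Review bot: IsAbsPathInWorkspace is exported without a doc comment, and nothing in it enforces the "Abs" in its name — the argument goes straight to IsSubPath, so a caller that passes a relative or uncleaned path gets whatever IsSubPath decides, which is outside this hunk. Add `// IsAbsPathInWorkspace reports whether absPath lies inside WorkspaceDir; absPath is expected to be absolute and cleaned (relative input belongs in GetAbsPathInWorkspace).` above the function, or make the name honest with an early `if !filepath.IsAbs(absPath) { return false }` if path/filepath is imported in this file.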