diff --git a/themes/hexo-theme-xups/layout/_partial/header.ejs b/themes/hexo-theme-xups/layout/_partial/header.ejs
index 949256b..bc647b5 100644
--- a/themes/hexo-theme-xups/layout/_partial/header.ejs
+++ b/themes/hexo-theme-xups/layout/_partial/header.ejs
@@ -25,7 +25,7 @@
             <div id="search-result-box" >
                 <ul class="search-result-list" v-if="searchResult.length">
                     <li v-for="(article,index) in searchResult" :key="index">
-                        <a :href='article.url' class='search-result-title' target='_blank'>{{article.title}}</a>
+                        <a :href='article.url' class='search-result-title' target='_blank'>{{article.title || '无标题'}}</a>
                         <p class="search-result" v-html="article.matchContent"></p>
                     </li>
                 </ul>
diff --git a/themes/hexo-theme-xups/source/js/comment.js b/themes/hexo-theme-xups/source/js/comment.js
index babf834..e8a218f 100644
--- a/themes/hexo-theme-xups/source/js/comment.js
+++ b/themes/hexo-theme-xups/source/js/comment.js
@@ -117,14 +117,15 @@ var JELON = window.JELON || {};
     }
     return format;
   };
-  var htmlEncode = function (str) {
+  /**
+   * 过滤字符串中的style link script标签, 防止注入
+   * @param {String} str 需要处理的字符串
+   */
+  var htmlFilter = function (str) {
     if (typeof str !== 'string') return;
-    str = str.replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        // .replace(/>/g, '&gt;')
-        .replace(/\"/g, '&quot;')
-        .replace(/\'/g, '&#39;')
-        .replace(/ /g, '&nbsp;');
+    str = str.replace(/(<style.*?<\/style>)/g, '')
+        .replace(/(<link.*\s+href=(?:"[^"]*"|'[^']*')[^<]*>)/g, '')
+        .replace(/<script.*?>.*?<\/script>/g, '');
     return str;
   };
 
@@ -594,8 +595,7 @@ var JELON = window.JELON || {};
         removeClass('JELON__editBox', 'show');
         addClass('JELON__previewBox', 'show');
         var text = $('JELON__editBox').value.trim();
-        // 安全转义
-        text = htmlEncode(text);
+        text = htmlFilter(text);
         if (text) {
           JL.Requests.markdown({
             text: text,
@@ -617,8 +617,7 @@ var JELON = window.JELON || {};
         return;
       }
       var body = $('JELON__editBox').value.trim();
-      // 安全转义
-      body = htmlEncode(body);
+      body = htmlFilter(body);
       if (body) {
         JL.Renders.loading.create();
         if (JL.issueNumber !== 0) {
diff --git a/themes/hexo-theme-xups/source/js/local_search.js b/themes/hexo-theme-xups/source/js/local_search.js
index 370bdc5..d6b93d8 100644
--- a/themes/hexo-theme-xups/source/js/local_search.js
+++ b/themes/hexo-theme-xups/source/js/local_search.js
@@ -49,22 +49,20 @@ new Vue({
 				var index_title = -1;
 				var index_content = -1;
 				var first_occur = -1; //关键字在正文当中第一次出现的位置
-				if(title && content) {
-					keywords.forEach(function(keyword, i) {
-						index_title = title.indexOf(keyword);
-						index_content = content.indexOf(keyword);
-						if( index_title < 0 && index_content < 0 ){
-							isMatch = false;
-						} else {
-							if (index_content < 0) {
-								index_content = 0;
-							}
-							if (i == 0) {
-								first_occur = index_content;
-							}
+				keywords.forEach(function(keyword, i) {
+					index_title = title ? title.indexOf(keyword) : -1;
+					index_content = content ? content.indexOf(keyword) : -1;
+					if( index_title < 0 && index_content < 0 ){
+						isMatch = false;
+					} else {
+						if (index_content < 0) {
+							index_content = 0;
 						}
-					});
-				}
+						if (i == 0) {
+							first_occur = index_content;
+						}
+					}
+				});
 				if (isMatch) {
 					var resultItem = {};
 					resultItem.url = article.url;