diff --git a/.typos.toml b/.typos.toml
index 738b13e271..d9416da7b8 100644
--- a/.typos.toml
+++ b/.typos.toml
@@ -6,6 +6,7 @@ testng = "testng"
 ba = "ba"
 referer = "referer"
 keynode = "keynode"
+SCHEM = "SCHEM"
 
 [files]
 extend-exclude = ["public/", "amap-wx/", "m-icon/", "uni-card/", "uni-col/", "uni-link/", "uni-list/", "uni-list-item/", "uni-row/", "migration/", "mapFiles/", "frontend/src/views/chart/components/table/TableNormal.vue"]
diff --git a/Dockerfile b/Dockerfile
index 209a5a99b1..83885e4eec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.cn-qingdao.aliyuncs.com/dataease/fabric8-java-alpine-openjdk8-jre:edge-chromium
+FROM registry.cn-qingdao.aliyuncs.com/dataease/fabric8-java-alpine-openjdk8-jre:edge-chromium-11
 
 ARG IMAGE_TAG
 
diff --git a/backend/pom.xml b/backend/pom.xml
index a4dfbe8c94..69d5e919d3 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -14,7 +14,7 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <shiro.version>1.9.1</shiro.version>
-        <java.version>1.8</java.version>
+        <java.version>11</java.version>
         <graalvm.version>20.1.0</graalvm.version>
         <jwt.version>3.12.1</jwt.version>
         <buji.version>4.0.0</buji.version>
@@ -30,7 +30,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>31.0.1-jre</version>
+            <version>32.0.0-jre</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -429,8 +429,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
+                    <source>11</source>
+                    <target>11</target>
                 </configuration>
             </plugin>
             <!-- Overlay guacamole-common-js (zip) -->
diff --git a/backend/src/main/java/io/dataease/commons/utils/DeFileUtils.java b/backend/src/main/java/io/dataease/commons/utils/DeFileUtils.java
index 6adc42e9be..2dcee5fa41 100644
--- a/backend/src/main/java/io/dataease/commons/utils/DeFileUtils.java
+++ b/backend/src/main/java/io/dataease/commons/utils/DeFileUtils.java
@@ -1,5 +1,7 @@
 package io.dataease.commons.utils;
 
+import io.dataease.commons.exception.DEException;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.*;
@@ -41,6 +43,17 @@ public class DeFileUtils {
         if (dir.exists()) return ;
         dir.mkdirs();
     }
+
+    public static void validateFile(MultipartFile file) {
+        String name = getFileNameNoEx(file.getOriginalFilename());
+        if (StringUtils.contains(name, "./")) {
+            DEException.throwException("file path invalid");
+        }
+        String suffix = getExtensionName(file.getOriginalFilename());
+        if (!StringUtils.equalsIgnoreCase(suffix, "zip")) {
+            DEException.throwException("please upload valid zip file");
+        }
+    }
     /**
      * 将文件名解析成文件的上传路径
      */
diff --git a/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java b/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java
deleted file mode 100644
index 5e2c2ea0ef..0000000000
--- a/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java
+++ /dev/null
@@ -1,557 +0,0 @@
-package io.dataease.commons.utils;
-
-import io.dataease.dto.dataset.ExcelSheetData;
-import io.dataease.i18n.Translator;
-import io.dataease.plugins.common.base.domain.DatasetTableField;
-import io.dataease.plugins.common.dto.datasource.TableField;
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.poi.openxml4j.opc.OPCPackage;
-import org.apache.poi.ss.usermodel.DataFormatter;
-import org.apache.poi.xssf.eventusermodel.XSSFReader;
-import org.apache.poi.xssf.model.SharedStringsTable;
-import org.apache.poi.xssf.model.StylesTable;
-import org.apache.poi.xssf.usermodel.XSSFCellStyle;
-import org.apache.poi.xssf.usermodel.XSSFRichTextString;
-import org.xml.sax.Attributes;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import org.xml.sax.XMLReader;
-import org.xml.sax.helpers.DefaultHandler;
-import org.xml.sax.helpers.XMLReaderFactory;
-
-import java.io.InputStream;
-import java.util.*;
-
-/**
- * @author y
- * @create 2018-01-18 14:28
- * @desc POI读取excel有两种模式，一种是用户模式，一种是事件驱动模式
- * 采用SAX事件驱动模式解决XLSX文件，可以有效解决用户模式内存溢出的问题，
- * 该模式是POI官方推荐的读取大数据的模式，
- * 在用户模式下，数据量较大，Sheet较多，或者是有很多无用的空行的情况下，容易出现内存溢出
- * <p>
- * 用于解决.xlsx2007版本大数据量问题
- **/
-public class ExcelXlsxReader extends DefaultHandler {
-
-    /**
-     * 自定义获取表格某些信
-     */
-    public Map map = new TreeMap<String, String>();
-
-    /**
-     * 单元格中的数据可能的数据类型
-     */
-    enum CellDataType {
-        BOOL, ERROR, FORMULA, INLINESTR, SSTINDEX, NUMBER, DATE, NULL
-    }
-
-    /**
-     * 共享字符串表
-     */
-    private SharedStringsTable sst;
-
-    /**
-     * 上一次的索引值
-     */
-    private String lastIndex;
-
-    /**
-     * 总行数
-     */
-    private int totalRows = 0;
-
-    /**
-     * 一行内cell集合
-     */
-    private List<String> cellList = new ArrayList<String>();
-
-    /**
-     * 判断整行是否为空行的标记
-     */
-    private boolean flag = false;
-
-    /**
-     * 当前行
-     */
-    private int curRow = 1;
-
-    /**
-     * 当前列
-     */
-    private int curCol = 0;
-
-    /**
-     * T元素标识
-     */
-    private boolean isTElement;
-
-    /**
-     * 单元格数据类型，默认为字符串类型
-     */
-    private CellDataType nextDataType = CellDataType.SSTINDEX;
-
-    private final DataFormatter formatter = new DataFormatter();
-
-    /**
-     * 单元格日期格式的索引
-     */
-    private short formatIndex;
-
-    /**
-     * 日期格式字符串
-     */
-    private String formatString;
-
-
-    //定义前一个元素和当前元素的位置，用来计算其中空的单元格数量，如A6和A8等
-    private String preRef = null, ref = null;
-
-    //定义该文档一行最大的单元格数，用来补全一行最后可能缺失的单元格
-    private String maxRef = null;
-
-    public List<DatasetTableField> getDatasetTableFields() {
-        return datasetTableFields;
-    }
-
-    public void setDatasetTableFields(List<DatasetTableField> datasetTableFields) {
-        this.datasetTableFields = datasetTableFields;
-    }
-
-    private List<DatasetTableField> datasetTableFields = null;
-
-    /**
-     * 单元格
-     */
-    private StylesTable stylesTable;
-
-    public List<TableField> fields = new ArrayList<>();
-    public List<List<String>> data = new ArrayList<>();
-    public List<ExcelSheetData> totalSheets = new ArrayList<>();
-    /**
-     * 是否为日期
-     */
-    private boolean isDateFormat = false;
-
-    public Integer getObtainedNum() {
-        return obtainedNum;
-    }
-
-    public void setObtainedNum(Integer obtainedNum) {
-        this.obtainedNum = obtainedNum;
-    }
-
-    private Integer obtainedNum = null;
-
-    public List<TableField> getFields() {
-        return fields;
-    }
-
-    public void setFields(List<TableField> fields) {
-        this.fields = fields;
-    }
-
-    public List<List<String>> getData() {
-        return data;
-    }
-
-    public void setData(List<List<String>> data) {
-        this.data = data;
-    }
-
-    public int process(InputStream inputStream) throws Exception {
-        OPCPackage pkg = OPCPackage.open(inputStream);
-        XSSFReader xssfReader = new XSSFReader(pkg);
-        stylesTable = xssfReader.getStylesTable();
-        SharedStringsTable sst = xssfReader.getSharedStringsTable();
-        XMLReader parser = XMLReaderFactory.createXMLReader("org.apache.xerces.parsers.SAXParser");
-        parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-        parser.setFeature("http://xml.org/sax/features/external-general-entities", false);
-        parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
-        this.sst = sst;
-        parser.setContentHandler(this);
-        XSSFReader.SheetIterator sheets = (XSSFReader.SheetIterator) xssfReader.getSheetsData();
-        while (sheets.hasNext()) { //遍历sheet
-
-            curRow = 1; //标记初始行为第一行
-            fields.clear();
-            data.clear();
-            InputStream sheet = sheets.next(); //sheets.next()和sheets.getSheetName()不能换位置，否则sheetName报错
-            InputSource sheetSource = new InputSource(sheet);
-            parser.parse(sheetSource); //解析excel的每条记录，在这个过程中startElement()、characters()、endElement()这三个函数会依次执行
-
-            ExcelSheetData excelSheetData = new ExcelSheetData();
-            excelSheetData.setData(new ArrayList<>(data));
-            excelSheetData.setExcelLabel(sheets.getSheetName());
-            excelSheetData.setFields(new ArrayList<>(fields));
-            totalSheets.add(excelSheetData);
-
-            sheet.close();
-        }
-        return totalRows; //返回该excel文件的总行数，不包括首列和空行
-    }
-
-    /**
-     * 第一个执行
-     *
-     * @param uri
-     * @param localName
-     * @param name
-     * @param attributes
-     * @throws SAXException
-     */
-    @Override
-    public void startElement(String uri, String localName, String name, Attributes attributes) throws SAXException {
-        if (this.obtainedNum != null && curRow > this.obtainedNum) {
-            return;
-        }
-
-        if (name.equalsIgnoreCase("mergeCell")) {
-            throw new RuntimeException(Translator.get("i18n_excel_have_merge_region"));
-        }
-        //c => 单元格
-        if ("c".equals(name)) {
-            //当前单元格的位置
-            ref = attributes.getValue("r");
-            //设定单元格类型
-            this.setNextDataType(attributes);
-        }
-
-        //当元素为t时
-        if ("t".equals(name)) {
-            isTElement = true;
-        } else {
-            isTElement = false;
-        }
-
-        //置空
-        lastIndex = "";
-    }
-
-    /**
-     * 第二个执行
-     * 得到单元格对应的索引值或是内容值
-     * 如果单元格类型是字符串、INLINESTR、数字、日期，lastIndex则是索引值
-     * 如果单元格类型是布尔值、错误、公式，lastIndex则是内容值
-     *
-     * @param ch
-     * @param start
-     * @param length
-     * @throws SAXException
-     */
-    @Override
-    public void characters(char[] ch, int start, int length) throws SAXException {
-        if (this.obtainedNum != null && curRow > this.obtainedNum) {
-            return;
-        }
-        lastIndex += new String(ch, start, length);
-    }
-
-    /**
-     * 第三个执行
-     *
-     * @param uri
-     * @param localName
-     * @param name
-     * @throws SAXException
-     */
-    @Override
-    public void endElement(String uri, String localName, String name) throws SAXException {
-        if (this.obtainedNum != null && curRow > this.obtainedNum) {
-            return;
-        }
-        //t元素也包含字符串
-        if (isTElement) {       //这个程序没经过
-            //将单元格内容加入rowlist中，在这之前先去掉字符串前后的空白符
-            String value = lastIndex.trim();
-            if (curRow == 1) {
-                TableField tableField = new TableField();
-                tableField.setFieldType("TEXT");
-                tableField.setFieldSize(65533);
-                tableField.setFieldName(value);
-                tableField.setRemarks(value);
-                this.fields.add(tableField);
-            }
-            cellList.add(curCol, value);
-            curCol++;
-            isTElement = false;
-            //如果里面某个单元格含有值，则标识该行不为空行
-            if (value != null && !"".equals(value)) {
-                flag = true;
-            }
-        } else if ("v".equals(name)) {
-            //v => 单元格的值，如果单元格是字符串，则v标签的值为该字符串在SST中的索引
-            String value = this.getDataValue(lastIndex.trim(), "");//根据索引值获取对应的单元格值
-            if (preRef == null) {
-                preRef = "A" + curRow;
-                if (!preRef.equalsIgnoreCase(ref)) {
-                    cellList.add(curCol, "");
-                    curCol++;
-                }
-            }
-
-            //补全单元格之间的空单元格
-            if (!"A".equals(preRef.substring(0, 1)) && curRow == 1 && preRef.equalsIgnoreCase(ref)) {
-                throw new RuntimeException(Translator.get("i18n_excel_empty_column"));
-            } else if (!ref.equals(preRef)) {
-                int len = countNullCell(ref, preRef);
-                for (int i = 0; i < len; i++) {
-                    if (curCol < this.fields.size()) {
-                        cellList.add(curCol, "");
-                        if (curRow == 1) {
-                            addField("", curCol);
-                        }
-                        curCol++;
-                    }
-                }
-            }
-
-            if (curCol < this.fields.size()) {
-                cellList.add(curCol, value);
-            }
-            curCol++;
-            //如果里面某个单元格含有值，则标识该行不为空行
-            if (value != null && !"".equals(value)) {
-                flag = true;
-            }
-            preRef = ref;
-        } else {
-            //如果标签名称为row，这说明已到行尾
-            if ("row".equals(name)) {
-                //默认第一行为表头，以该行单元格数目为最大数目
-                if (curRow == 1) {
-                    maxRef = ref;
-                }
-                if (curRow > 1) {
-                    for (int i = cellList.size(); i < this.fields.size(); i++) {
-                        cellList.add("");
-                    }
-                    List<String> tmp = new ArrayList<>(cellList);
-                    this.getData().add(tmp);
-                }
-                totalRows++;
-                cellList.clear();
-                curRow++;
-                curCol = 0;
-                preRef = null;
-                ref = null;
-                flag = false;
-            }
-        }
-    }
-
-    /**
-     * 处理数据类型
-     *
-     * @param attributes
-     */
-    public void setNextDataType(Attributes attributes) {
-        nextDataType = CellDataType.NUMBER; //cellType为空，则表示该单元格类型为数字
-        formatIndex = -1;
-        formatString = null;
-        isDateFormat = false;
-        String cellType = attributes.getValue("t"); //单元格类型
-        if ("b".equals(cellType)) { //处理布尔值
-            nextDataType = CellDataType.BOOL;
-        } else if ("e".equals(cellType)) {  //处理错误
-            nextDataType = CellDataType.ERROR;
-        } else if ("inlineStr".equals(cellType)) {
-            nextDataType = CellDataType.INLINESTR;
-        } else if ("s".equals(cellType)) { //处理字符串
-            nextDataType = CellDataType.SSTINDEX;
-        } else if ("str".equals(cellType)) {
-            nextDataType = CellDataType.SSTINDEX;
-        }
-
-        String cellStyleStr = attributes.getValue("s"); //
-        if (cellStyleStr != null) {
-            int styleIndex = Integer.parseInt(cellStyleStr);
-            XSSFCellStyle style = this.stylesTable.getStyleAt(styleIndex);
-            formatIndex = style.getDataFormat();
-            formatString = style.getDataFormatString();
-            short format = this.formatIndex;
-            if ((14 <= format && format <= 17) || format == 20 || format == 22 || format == 31 || format == 35 || format == 45 || format == 46 || format == 47 || (57 <= format && format <= 59)
-                    || (175 < format && format < 178) || (182 <= format && format <= 196) || (210 <= format && format <= 213) || (208 == format)) { // 日期
-                isDateFormat = true;
-            }
-
-        }
-
-    }
-
-    /**
-     * 对解析出来的数据进行类型处理
-     *
-     * @param value   单元格的值，
-     *                value代表解析：BOOL的为0或1， ERROR的为内容值，FORMULA的为内容值，INLINESTR的为索引值需转换为内容值，
-     *                SSTINDEX的为索引值需转换为内容值， NUMBER为内容值，DATE为内容值
-     * @param thisStr 一个空字符串
-     * @return
-     */
-    @SuppressWarnings("deprecation")
-    public String getDataValue(String value, String thisStr) {
-        String type = null;
-        switch (nextDataType) {
-            // 这几个的顺序不能随便交换，交换了很可能会导致数据错误
-            case BOOL: //布尔值
-                char first = value.charAt(0);
-                thisStr = first == '0' ? "FALSE" : "TRUE";
-                type = "LONG";
-                break;
-            case ERROR: //错误
-                thisStr = "\"ERROR:" + value.toString() + '"';
-                break;
-            case FORMULA: //公式
-                thisStr = '"' + value.toString() + '"';
-                type = getType(thisStr);
-                break;
-            case INLINESTR:
-                XSSFRichTextString rtsi = new XSSFRichTextString(value.toString());
-                thisStr = rtsi.toString();
-                rtsi = null;
-                break;
-            case SSTINDEX: //字符串
-                String sstIndex = value.toString();
-                try {
-                    int idx = Integer.parseInt(sstIndex);
-                    if (sst != null) {
-                        XSSFRichTextString rtss = new XSSFRichTextString(sst.getEntryAt(idx));//根据idx索引值获取内容值
-                        thisStr = rtss.toString();
-                        rtss = null;
-                    } else {
-                        thisStr = value.toString();
-                    }
-
-                } catch (NumberFormatException ex) {
-                    thisStr = value.toString();
-                }
-
-                break;
-            case NUMBER: //数字
-                if (formatString != null && isDateFormat) {
-                    if (getDatasetTableFields() != null && getDatasetTableFields().get(curCol).getDeExtractType() == 1) {
-                        thisStr = formatter.formatRawCellContents(Double.parseDouble(value), formatIndex, "yyyy-mm-dd hh:mm:ss").trim();
-                    } else {
-                        thisStr = formatter.formatRawCellContents(Double.parseDouble(value), formatIndex, formatString).trim();
-                    }
-                } else {
-                    thisStr = value;
-                }
-                thisStr = thisStr.replace("_", "").trim();
-
-                if (isDateFormat) {
-                    type = "DATETIME";
-                    isDateFormat = false;
-                    if (formatString != null && formatString.contains("%")) {
-                        type = getType(thisStr);
-                    }
-                } else {
-                    type = getType(thisStr);
-                }
-                break;
-            case DATE: //日期
-                thisStr = formatter.formatRawCellContents(Double.parseDouble(value), formatIndex, formatString);
-                // 对日期字符串作特殊处理，去掉T
-                thisStr = thisStr.replace("T", " ");
-                type = "DATETIME";
-                break;
-            default:
-                thisStr = " ";
-                break;
-        }
-        if (curRow == 1) {
-            addField(thisStr, null);
-        } else {
-            if (CollectionUtils.isEmpty(this.getFields())) {
-                throw new RuntimeException(Translator.get("i18n_excel_header_empty"));
-            }
-            if (curCol >= this.fields.size()) {
-                return thisStr;
-            }
-            if (curRow == 2) {
-                if (type != null) {
-                    this.getFields().get(curCol).setFieldType(type);
-                }
-            } else {
-                if (type != null) {
-                    if (type.equalsIgnoreCase("TEXT")) {
-                        this.getFields().get(curCol).setFieldType(type);
-                    }
-                    if (type.equalsIgnoreCase("DOUBLE") && this.getFields().get(curCol).getFieldType().equalsIgnoreCase("LONG")) {
-                        this.getFields().get(curCol).setFieldType(type);
-                    }
-                    if (type.equalsIgnoreCase("DATETIME")) {
-                        this.getFields().get(curCol).setFieldType(type);
-                    }
-                }
-            }
-        }
-        return thisStr;
-    }
-
-    private void addField(String columeName, Integer index) {
-        TableField tableField = new TableField();
-        tableField.setFieldType("TEXT");
-        tableField.setFieldSize(65533);
-        tableField.setFieldName(columeName);
-        tableField.setRemarks(columeName);
-        if (index != null) {
-            this.fields.add(index, tableField);
-        } else {
-            this.fields.add(tableField);
-        }
-    }
-
-    private String getType(String thisStr) {
-        if (totalRows == 0) {
-            return "TEXT";
-        }
-
-        try {
-            if (thisStr.endsWith("%")) {
-                thisStr = thisStr.substring(0, thisStr.length() - 1);
-                thisStr = String.valueOf(Double.valueOf(thisStr) / 100);
-            }
-            Long.valueOf(thisStr);
-            return "LONG";
-        } catch (Exception e) {
-            try {
-                Double.valueOf(thisStr);
-                return "DOUBLE";
-            } catch (Exception ignore) {
-            }
-        }
-        return "TEXT";
-    }
-
-    public int countNullCell(String ref, String preRef) {
-        //excel2007最大行数是1048576，最大列数是16384，最后一列列名是XFD
-        String xfd = ref.replaceAll("\\d+", "");
-        String xfd_1 = preRef.replaceAll("\\d+", "");
-
-        xfd = fillChar(xfd, 3, '@', true);
-        xfd_1 = fillChar(xfd_1, 3, '@', true);
-
-        char[] letter = xfd.toCharArray();
-        char[] letter_1 = xfd_1.toCharArray();
-        int res = (letter[0] - letter_1[0]) * 26 * 26 + (letter[1] - letter_1[1]) * 26 + (letter[2] - letter_1[2]);
-        return res - 1;
-    }
-
-    public String fillChar(String str, int len, char let, boolean isPre) {
-        int len_1 = str.length();
-        if (len_1 < len) {
-            if (isPre) {
-                for (int i = 0; i < (len - len_1); i++) {
-                    str = let + str;
-                }
-            } else {
-                for (int i = 0; i < (len - len_1); i++) {
-                    str = str + let;
-                }
-            }
-        }
-        return str;
-    }
-
-}
diff --git a/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java b/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
index 672f89d46a..0686f48b8f 100644
--- a/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
+++ b/backend/src/main/java/io/dataease/commons/wrapper/XssAndSqlHttpServletRequestWrapper.java
@@ -1,18 +1,6 @@
 package io.dataease.commons.wrapper;
 
 
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.util.*;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
 import com.google.gson.Gson;
 import io.dataease.commons.holder.ThreadLocalContextHolder;
 import io.dataease.commons.utils.CommonBeanFactory;
@@ -21,16 +9,30 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.env.Environment;
 import org.springframework.util.StreamUtils;
 
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 
 public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
     private static Gson gson = new Gson();
 
+    private static final String defaultWhiteList = "/dataset/table/sqlPreview,/dataset/table/update,/dataset/field/multFieldValues,/dataset/field/linkMultFieldValues";
+
     HttpServletRequest orgRequest = null;
     private Map<String, String[]> parameterMap;
     private final byte[] body; //用于保存读取body中数据
 
-    public XssAndSqlHttpServletRequestWrapper(HttpServletRequest request) throws IOException{
+    public XssAndSqlHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
         super(request);
         orgRequest = request;
         parameterMap = request.getParameterMap();
@@ -38,6 +40,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
     }
 
     // 重写几个HttpServletRequestWrapper中的方法
+
     /**
      * 获取所有参数名
      *
@@ -159,7 +162,6 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
     }
 
     /**
-     *
      * 防止xss跨脚本攻击（替换，根据实际情况调整）
      */
 
@@ -208,9 +210,9 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
         return value;
     }
 
-    public static boolean checkSqlInjection(Object obj){
+    public static boolean checkSqlInjection(Object obj) {
         HttpServletRequest request = ServletUtils.request();
-        String url = request.getRequestURI().toString();
+        String url = request.getRequestURI();
 
         if (null == obj) return false;
         if (StringUtils.isEmpty(obj.toString())) return false;
@@ -219,14 +221,14 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
 
         if (StringUtils.isEmpty(orders)) return false;
 
-        String whiteLists = CommonBeanFactory.getBean(Environment.class).getProperty("dataease.sqlinjection.whitelists", String.class, null);
+        String whiteLists = CommonBeanFactory.getBean(Environment.class).getProperty("dataease.sqlinjection.whitelists", String.class, defaultWhiteList);
         if (StringUtils.isNotEmpty(whiteLists)) {
             // 命中白名单 无需检测sql注入
             if (Arrays.stream(whiteLists.split(",")).anyMatch(item -> url.indexOf(item) != -1)) return false;
         }
-        Pattern pattern= Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)" +
+        Pattern pattern = Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)" +
                 "|(.*\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|sleep|extractvalue|updatexml|substring|database|concat|rand|gtid_subset)\\b.*)");
-        Matcher matcher=pattern.matcher(orders.toLowerCase());
+        Matcher matcher = pattern.matcher(orders.toLowerCase());
         return matcher.find();
     }
 
@@ -236,7 +238,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
 
         if (value != null) {
             boolean b = checkSqlInjection(value);
-            if(b) {
+            if (b) {
                 ThreadLocalContextHolder.setData("包含SQL注入的参数，请检查参数！");
                 return true;
             }
@@ -320,7 +322,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
                     return true;
                 }
             } else if ((submitValues instanceof String[])) {
-                for (String submitValue : (String[])submitValues){
+                for (String submitValue : (String[]) submitValues) {
                     if (checkXSSAndSql(submitValue)) {
                         return true;
                     }
@@ -332,7 +334,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
 
     private static String orders(String json) {
         if (StringUtils.isEmpty(json)) return null;
-        try{
+        try {
             Map<String, Object> map = new Gson().fromJson(json, Map.class);
             Object orders = map.get("orders");
 
@@ -345,7 +347,7 @@ public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrappe
                 return sort.toString();
             }
             return null;
-        }catch (Exception e) {
+        } catch (Exception e) {
             return null;
         }
 
diff --git a/backend/src/main/java/io/dataease/controller/panel/AppLogController.java b/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
index 45a547acf3..207cbbb05e 100644
--- a/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
+++ b/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
@@ -3,6 +3,7 @@ package io.dataease.controller.panel;
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.dataease.auth.annotation.SqlInjectValidator;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.controller.handler.annotation.I18n;
@@ -35,6 +36,7 @@ public class AppLogController {
             @ApiImplicitParam(paramType = "path", name = "pageSize", value = "页容量", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "request", value = "查询条件", required = true)
     })
+    @SqlInjectValidator(value = {"apply_time"})
     public Pager<List<AppLogGridDTO>> logGrid(@PathVariable int goPage, @PathVariable int pageSize,
                                               @RequestBody KeyGridRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
diff --git a/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java b/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
index 7f3b3e669f..d8e32122c4 100644
--- a/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
+++ b/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
@@ -3,10 +3,11 @@ package io.dataease.controller.sys;
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import io.dataease.auth.annotation.SqlInjectValidator;
-import io.dataease.plugins.common.base.domain.MyPlugin;
+import io.dataease.commons.utils.DeFileUtils;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.controller.sys.base.BaseGridRequest;
+import io.dataease.plugins.common.base.domain.MyPlugin;
 import io.dataease.service.sys.PluginService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -41,6 +42,7 @@ public class SysPluginController {
     @PostMapping("upload")
     @RequiresPermissions("plugin:upload")
     public Map<String, Object> localUpload(@RequestParam("file") MultipartFile file) throws Exception {
+        DeFileUtils.validateFile(file);
         return pluginService.localInstall(file);
     }
 
@@ -54,7 +56,8 @@ public class SysPluginController {
     @ApiOperation("更新插件")
     @PostMapping("/update/{pluginId}")
     @RequiresPermissions("plugin:upload")
-    public Map<String, Object> update(@PathVariable("pluginId") Long pluginId, @RequestParam("file") MultipartFile file) throws Exception{
+    public Map<String, Object> update(@PathVariable("pluginId") Long pluginId, @RequestParam("file") MultipartFile file) throws Exception {
+        DeFileUtils.validateFile(file);
         if (pluginService.uninstall(pluginId)) {
             return pluginService.localInstall(file);
         }
diff --git a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
index 38e335dcdd..5f46a52c0d 100644
--- a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
+++ b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
@@ -4,10 +4,13 @@ import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
 import io.dataease.auth.annotation.DeLog;
+import io.dataease.auth.annotation.DePermission;
 import io.dataease.auth.annotation.SqlInjectValidator;
 import io.dataease.auth.api.dto.CurrentUserDto;
 import io.dataease.auth.entity.AccountLockStatus;
 import io.dataease.auth.service.AuthUserService;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.constants.SysLogConstants;
 import io.dataease.commons.exception.DEException;
 import io.dataease.commons.utils.AuthUtils;
@@ -102,6 +105,19 @@ public class SysUserController {
         return users;
     }
 
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+    @PostMapping("/userGrid/{datasetId}")
+    @ApiImplicitParams({
+            @ApiImplicitParam(paramType = "path", name = "goPage", value = "页码", required = true, dataType = "Integer"),
+            @ApiImplicitParam(paramType = "path", name = "pageSize", value = "页容量", required = true, dataType = "Integer"),
+            @ApiImplicitParam(name = "request", value = "查询条件", required = true)
+    })
+    @SqlInjectValidator(value = {"create_time", "u.enabled", "nick_name", "u.dept_id"})
+    public Pager<List<SysUserGridResponse>> userGrids(@PathVariable String datasetId, @RequestBody KeyGridRequest request) {
+        return userGrid(0, 0, request);
+    }
+
+
     @ApiOperation("创建用户")
     @RequiresPermissions("user:add")
     @PostMapping("/create")
diff --git a/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java b/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
index f3ca151aa7..2ea36a98bf 100644
--- a/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
+++ b/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
@@ -10,7 +10,7 @@ import java.util.List;
 
 public interface ExtDataSourceMapper {
 
-    List<DatasourceDTO> query(GridExample example);
+    // List<DatasourceDTO> query(GridExample example);
 
     List<DatasourceDTO> queryUnion(DatasourceUnionRequest request);
 
diff --git a/backend/src/main/java/io/dataease/ext/ExtPanelViewLinkageMapper.xml b/backend/src/main/java/io/dataease/ext/ExtPanelViewLinkageMapper.xml
index 8fcc5c4476..88629926ca 100644
--- a/backend/src/main/java/io/dataease/ext/ExtPanelViewLinkageMapper.xml
+++ b/backend/src/main/java/io/dataease/ext/ExtPanelViewLinkageMapper.xml
@@ -61,7 +61,7 @@
        dataset_table_field.origin_name,
        dataset_table_field.`name`,
        dataset_table_field.de_type
-    from dataset_table_field where table_id = #{table_id}
+    from dataset_table_field where dataset_table_field.group_type = 'd' and table_id = #{table_id}
     </select>
 
     <select id="queryTableFieldWithViewId" resultMap="TableFieldMap">
diff --git a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
index 5b5fc031f3..2b22a69d51 100644
--- a/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
+++ b/backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java
@@ -781,7 +781,7 @@ public class JdbcProvider extends DefaultJdbcProvider {
             case StarRocks:
                 MysqlConfiguration mysqlConfiguration = new Gson().fromJson(datasource.getConfiguration(), MysqlConfiguration.class);
                 mysqlConfiguration.getJdbc();
-                if(!mysqlConfiguration.getDataBase().matches("^[0-9a-zA-Z_-]{1,}$")){
+                if(!mysqlConfiguration.getDataBase().matches("^[0-9a-zA-Z_.-]{1,}$")){
                     throw new Exception("Invalid database name");
                 }
                 break;
@@ -796,7 +796,7 @@ public class JdbcProvider extends DefaultJdbcProvider {
                 break;
             case sqlServer:
                 SqlServerConfiguration sqlServerConfiguration = new Gson().fromJson(datasource.getConfiguration(), SqlServerConfiguration.class);
-                if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_]{1,}$")){
+                if(!sqlServerConfiguration.getDataBase().matches("^[0-9a-zA-Z_.-\u4E00-\u9FA5\u8FBD-\u9FBB\uFA0E-\uFA29]{1,}$")){
                     throw new Exception("Invalid database name");
                 }
                 break;
diff --git a/backend/src/main/java/io/dataease/provider/engine/doris/DorisQueryProvider.java b/backend/src/main/java/io/dataease/provider/engine/doris/DorisQueryProvider.java
index 8e769bb1e1..38eec38e6a 100644
--- a/backend/src/main/java/io/dataease/provider/engine/doris/DorisQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/engine/doris/DorisQueryProvider.java
@@ -1077,16 +1077,16 @@ public class DorisQueryProvider extends QueryProvider {
                     String format = transDateFormat(request.getDateStyle(), request.getDatePattern());
                     if (field.getDeExtractType() == 0 || field.getDeExtractType() == 5 || field.getDeExtractType() == 1) {
                         String date = String.format(MySQLConstants.STR_TO_DATE, originName, StringUtils.isNotEmpty(field.getDateFormat()) ? field.getDateFormat() : MysqlConstants.DEFAULT_DATE_FORMAT);
-                        if(request.getOperator().equals("between")){
+                        if (request.getOperator().equals("between")) {
                             whereName = date;
-                        }else {
+                        } else {
                             whereName = String.format(MySQLConstants.DATE_FORMAT, date, format);
                         }
                     }
                     if (field.getDeExtractType() == 2 || field.getDeExtractType() == 3 || field.getDeExtractType() == 4) {
-                        if(request.getOperator().equals("between")){
+                        if (request.getOperator().equals("between")) {
                             whereName = originName;
-                        }else {
+                        } else {
                             String cast = String.format(MySQLConstants.CAST, originName, MySQLConstants.DEFAULT_INT_FORMAT) + "/1000";
                             whereName = String.format(DorisConstants.FROM_UNIXTIME, cast, format);
                         }
diff --git a/backend/src/main/java/io/dataease/provider/query/impala/ImpalaQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/impala/ImpalaQueryProvider.java
index 2cdb8c682c..a62a7fbf2e 100644
--- a/backend/src/main/java/io/dataease/provider/query/impala/ImpalaQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/impala/ImpalaQueryProvider.java
@@ -1095,7 +1095,10 @@ public class ImpalaQueryProvider extends QueryProvider {
                 whereName = "upper(" + whereName + ")";
             } else if (StringUtils.containsIgnoreCase(request.getOperator(), "between")) {
                 if (request.getDatasetTableField().getDeType() == DeTypeConstants.DE_TIME) {
-                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+                    if(request.getDatasetTableField().getDeExtractType() == DeTypeConstants.DE_TIME){
+                        simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+                    }
                     String startTime = simpleDateFormat.format(new Date(Long.parseLong(value.get(0))));
                     String endTime = simpleDateFormat.format(new Date(Long.parseLong(value.get(1))));
                     whereValue = String.format(ImpalaConstants.WHERE_BETWEEN, startTime, endTime);
diff --git a/backend/src/main/java/io/dataease/provider/query/mysql/MysqlQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/mysql/MysqlQueryProvider.java
index bad34ddb82..f40b6061aa 100644
--- a/backend/src/main/java/io/dataease/provider/query/mysql/MysqlQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/mysql/MysqlQueryProvider.java
@@ -1065,7 +1065,7 @@ public class MysqlQueryProvider extends QueryProvider {
                 if (field.getDeType() == 1) {
                     String format = transDateFormat(request.getDateStyle(), request.getDatePattern());
                     if (field.getDeExtractType() == 0 || field.getDeExtractType() == 5 || field.getDeExtractType() == 1) {
-                        String date = String.format(MySQLConstants.STR_TO_DATE, originName, StringUtils.isNotEmpty(field.getDateFormat()) ? field.getDateFormat() : MysqlConstants.DEFAULT_DATE_FORMAT);
+                        String date = String.format(MySQLConstants.DATE_FORMAT, originName, StringUtils.isNotEmpty(field.getDateFormat()) ? field.getDateFormat() : MysqlConstants.DEFAULT_DATE_FORMAT);
                         if(request.getOperator().equals("between")){
                             whereName = date;
                         }else {
diff --git a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
index 8f93f02a05..61cddc4093 100644
--- a/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/oracle/OracleQueryProvider.java
@@ -60,6 +60,7 @@ public class OracleQueryProvider extends QueryProvider {
 
     @Override
     public Integer transFieldType(String field) {
+        field = field.split("\\(")[0];
         switch (field) {
             case "CHAR":
             case "VARCHAR2":
diff --git a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
index 6077bbe9eb..abd95116f2 100644
--- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
@@ -33,6 +33,7 @@ import io.dataease.plugins.common.base.mapper.ChartViewMapper;
 import io.dataease.plugins.common.base.mapper.DatasetTableFieldMapper;
 import io.dataease.plugins.common.base.mapper.PanelViewMapper;
 import io.dataease.plugins.common.constants.DatasetType;
+import io.dataease.plugins.common.constants.DatasourceTypes;
 import io.dataease.plugins.common.constants.datasource.SQLConstants;
 import io.dataease.plugins.common.dto.chart.ChartCustomFilterItemDTO;
 import io.dataease.plugins.common.dto.chart.ChartFieldCompareDTO;
@@ -447,7 +448,7 @@ public class ChartViewService {
             fieldMap.put("yAxis", yAxis);
             fieldMap.put("extStack", extStack);
             fieldMap.put("extBubble", extBubble);
-            PluginViewParam pluginViewParam = buildPluginParam(fieldMap, fieldCustomFilter, extFilterList, ds, table, view, rowPermissionsTree);
+            PluginViewParam pluginViewParam = buildPluginParam(fieldMap, fieldCustomFilter, extFilterList, ds, table, view, rowPermissionsTree, requestList);
             String sql = pluginViewSql(pluginViewParam, view);
             if (StringUtils.isBlank(sql)) {
                 return new ArrayList<String[]>();
@@ -611,7 +612,7 @@ public class ChartViewService {
             xAxis.addAll(xAxisExt);
         }
         List<ChartViewFieldDTO> yAxis = gson.fromJson(view.getYAxis(), tokenType);
-        if (StringUtils.equalsAnyIgnoreCase(view.getType(), "chart-mix","bidirectional-bar")) {
+        if (StringUtils.equalsAnyIgnoreCase(view.getType(), "chart-mix", "bidirectional-bar")) {
             List<ChartViewFieldDTO> yAxisExt = gson.fromJson(view.getYAxisExt(), tokenType);
             yAxis.addAll(yAxisExt);
         }
@@ -981,7 +982,7 @@ public class ChartViewService {
             fieldMap.put("extBubble", extBubble);
             fieldMap.put("xAxis", xAxis);
             fieldMap.put("yAxis", yAxis);
-            PluginViewParam pluginViewParam = buildPluginParam(fieldMap, fieldCustomFilter, extFilterList, ds, table, view, rowPermissionsTree);
+            PluginViewParam pluginViewParam = buildPluginParam(fieldMap, fieldCustomFilter, extFilterList, ds, table, view, rowPermissionsTree, chartExtRequest);
             String sql = pluginViewSql(pluginViewParam, view);
             if (StringUtils.isBlank(sql)) {
                 return emptyChartViewDTO(view);
@@ -1126,7 +1127,7 @@ public class ChartViewService {
             datasourceRequest.setTotalPageFlag(false);
             data = datasourceProvider.getData(datasourceRequest);
             if (CollectionUtils.isNotEmpty(assistFields)) {
-                datasourceAssistRequest.setQuery(assistSQL(datasourceRequest.getQuery(), assistFields));
+                datasourceAssistRequest.setQuery(assistSQL(datasourceRequest.getQuery(), assistFields, ds));
                 logger.info(datasourceAssistRequest.getQuery());
                 assistData = datasourceProvider.getData(datasourceAssistRequest);
             }
@@ -1158,7 +1159,7 @@ public class ChartViewService {
                 }
             }
             if (CollectionUtils.isNotEmpty(assistFields)) {
-                datasourceAssistRequest.setQuery(assistSQL(datasourceRequest.getQuery(), assistFields));
+                datasourceAssistRequest.setQuery(assistSQL(datasourceRequest.getQuery(), assistFields, ds));
                 logger.info(datasourceAssistRequest.getQuery());
                 assistData = datasourceProvider.getData(datasourceAssistRequest);
             }
@@ -1405,14 +1406,15 @@ public class ChartViewService {
         return res;
     }
 
-    public String assistSQL(String sql, List<ChartViewFieldDTO> assistFields) {
+    public String assistSQL(String sql, List<ChartViewFieldDTO> assistFields, Datasource ds) {
+        DatasourceTypes datasourceType = DatasourceTypes.valueOf(ds.getType());
         StringBuilder stringBuilder = new StringBuilder();
         for (int i = 0; i < assistFields.size(); i++) {
             ChartViewFieldDTO dto = assistFields.get(i);
             if (i == (assistFields.size() - 1)) {
-                stringBuilder.append(dto.getSummary() + "(" + dto.getOriginName() + ")");
+                stringBuilder.append(dto.getSummary() + "(" + datasourceType.getKeywordPrefix() + dto.getOriginName() + datasourceType.getKeywordSuffix() + ")");
             } else {
-                stringBuilder.append(dto.getSummary() + "(" + dto.getOriginName() + "),");
+                stringBuilder.append(dto.getSummary() + "(" + datasourceType.getKeywordPrefix() + dto.getOriginName() + datasourceType.getKeywordSuffix() + "),");
             }
         }
         return "SELECT " + stringBuilder + " FROM (" + sql + ") tmp";
@@ -1439,12 +1441,13 @@ public class ChartViewService {
         return dto;
     }
 
-    private PluginViewParam buildPluginParam(Map<String, List<ChartViewFieldDTO>> fieldMap, List<ChartFieldCustomFilterDTO> customFilters, List<ChartExtFilterRequest> extFilters, Datasource ds, DatasetTable table, ChartViewDTO view, List<DataSetRowPermissionsTreeDTO> rowPermissionsTree) {
+    private PluginViewParam buildPluginParam(Map<String, List<ChartViewFieldDTO>> fieldMap, List<ChartFieldCustomFilterDTO> customFilters, List<ChartExtFilterRequest> extFilters, Datasource ds, DatasetTable table, ChartViewDTO view, List<DataSetRowPermissionsTreeDTO> rowPermissionsTree, ChartExtRequest chartExtRequest) {
         PluginViewParam pluginViewParam = new PluginViewParam();
         PluginViewSetImpl pluginViewSet = BeanUtils.copyBean(new PluginViewSetImpl(), table);
         pluginViewSet.setDsType(ds.getType());
         pluginViewSet.setTableId(table.getId());
         pluginViewSet.setDs(ds);
+        pluginViewSet.setChartExtRequest(gson.toJson(chartExtRequest));
         PluginViewLimit pluginViewLimit = BeanUtils.copyBean(new PluginViewLimit(), view);
 
 
@@ -1849,8 +1852,8 @@ public class ChartViewService {
         chartViewMapper.updateByPrimaryKeySelective(chartView);
     }
 
-    private String handleVariable(String sql, ChartExtRequest requestList, QueryProvider qp, DataSetTableDTO table, Datasource ds) throws Exception {
-        List<SqlVariableDetails> sqlVariables = new Gson().fromJson(table.getSqlVariableDetails(), new TypeToken<List<SqlVariableDetails>>() {
+    public String preHandleVariable(String sql, ChartExtRequest requestList, QueryProvider qp, DataSetTableDTO table) {
+        List<SqlVariableDetails> sqlVariables = gson.fromJson(table.getSqlVariableDetails(), new TypeToken<List<SqlVariableDetails>>() {
         }.getType());
         if (requestList != null && CollectionUtils.isNotEmpty(requestList.getFilter())) {
             for (ChartExtFilterRequest chartExtFilterRequest : requestList.getFilter()) {
@@ -1861,7 +1864,7 @@ public class ChartViewService {
                     continue;
                 }
 
-                Boolean isEndParam = false;
+                boolean isEndParam = false;
                 for (String parameter : chartExtFilterRequest.getParameters()) {
                     if (parameter.contains("|DE|")) {
                         String[] parameterArray = parameter.split("\\|DE\\|");
@@ -1900,6 +1903,11 @@ public class ChartViewService {
                 }
             }
         }
+        return sql;
+    }
+
+    private String handleVariable(String sql, ChartExtRequest requestList, QueryProvider qp, DataSetTableDTO table, Datasource ds) throws Exception {
+        sql = preHandleVariable(sql, requestList, qp, table);
         sql = dataSetTableService.handleVariableDefaultValue(sql, null, ds.getType(), false);
         return sql;
     }
diff --git a/backend/src/main/java/io/dataease/service/chart/ViewPluginBaseServiceImpl.java b/backend/src/main/java/io/dataease/service/chart/ViewPluginBaseServiceImpl.java
index a8707f05fd..97b44fe33f 100644
--- a/backend/src/main/java/io/dataease/service/chart/ViewPluginBaseServiceImpl.java
+++ b/backend/src/main/java/io/dataease/service/chart/ViewPluginBaseServiceImpl.java
@@ -4,6 +4,7 @@ import cn.hutool.core.util.ReflectUtil;
 import com.google.gson.Gson;
 import io.dataease.commons.model.PluginViewSetImpl;
 import io.dataease.commons.utils.TableUtils;
+import io.dataease.controller.request.chart.ChartExtRequest;
 import io.dataease.dto.dataset.DataSetTableUnionDTO;
 import io.dataease.dto.dataset.DataTableInfoDTO;
 import io.dataease.plugins.common.base.domain.ChartViewWithBLOBs;
@@ -47,6 +48,9 @@ public class ViewPluginBaseServiceImpl implements ViewPluginBaseService {
     @Resource
     private DataSetTableService dataSetTableService;
 
+    @Resource
+    private ChartViewService chartViewService;
+
 
     @Override
     public PluginSingleField buildField(String dsType, PluginViewField pluginViewField, PluginViewSQL tableObj, int index) {
@@ -122,6 +126,10 @@ public class ViewPluginBaseServiceImpl implements ViewPluginBaseService {
                     break;
                 case SQL:
                     String sql = dataTableInfoDTO.isBase64Encryption() ? new String(java.util.Base64.getDecoder().decode(dataTableInfoDTO.getSql())) : dataTableInfoDTO.getSql();
+                    if (StringUtils.isNotBlank(pluginViewSet.getChartExtRequest())) {
+                        ChartExtRequest chartExtRequest = gson.fromJson(pluginViewSet.getChartExtRequest(), ChartExtRequest.class);
+                        sql = chartViewService.preHandleVariable(sql, chartExtRequest, ProviderFactory.getQueryProvider(pluginViewSet.getDsType()), dataSetTableService.getWithPermission(pluginViewSet.getTableId(), chartExtRequest.getUser()));
+                    }
                     tableName = dataSetTableService.handleVariableDefaultValue(sql, null, pluginViewSet.getDsType(), false);
                     tableName = "(" + sqlFix(tableName) + ")";
                     break;
diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
index 169b47dd2e..8bb823aba2 100644
--- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
@@ -1,5 +1,11 @@
 package io.dataease.service.dataset;
 
+import com.alibaba.excel.EasyExcel;
+import com.alibaba.excel.ExcelReader;
+import com.alibaba.excel.context.AnalysisContext;
+import com.alibaba.excel.event.AnalysisEventListener;
+import com.alibaba.excel.metadata.CellData;
+import com.alibaba.excel.read.metadata.ReadSheet;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -51,6 +57,7 @@ import io.dataease.service.chart.util.ChartDataBuild;
 import io.dataease.service.datasource.DatasourceService;
 import io.dataease.service.engine.EngineService;
 import io.dataease.service.sys.SysAuthService;
+import lombok.Data;
 import net.sf.jsqlparser.expression.Alias;
 import net.sf.jsqlparser.expression.BinaryExpression;
 import net.sf.jsqlparser.expression.Expression;
@@ -68,7 +75,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.poi.hssf.usermodel.HSSFDateUtil;
 import org.apache.poi.ss.usermodel.*;
 import org.apache.poi.xssf.streaming.SXSSFWorkbook;
-import org.apache.poi.xssf.usermodel.XSSFWorkbook;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -2419,7 +2425,42 @@ public class DataSetTableService {
         return excelFileData;
     }
 
-    private List<ExcelSheetData> parseExcel(String filename, InputStream inputStream, boolean isPreview)
+    public List<ExcelSheetData> excelSheetDataList(InputStream inputStream, boolean isPreview) {
+        List<ExcelSheetData> excelSheetDataList = new ArrayList<>();
+        NoModelDataListener noModelDataListener = new NoModelDataListener();
+        ExcelReader excelReader = EasyExcel.read(inputStream, noModelDataListener).build();
+        List<ReadSheet> sheets = excelReader.excelExecutor().sheetList();
+        for (ReadSheet readSheet : sheets) {
+            noModelDataListener.clear();
+            List<TableField> fields = new ArrayList<>();
+            excelReader.read(readSheet);
+            for (String s : noModelDataListener.getHeader()) {
+                TableField tableFiled = new TableField();
+                tableFiled.setFieldType("TEXT");
+                tableFiled.setFieldName(s);
+                tableFiled.setRemarks(s);
+                fields.add(tableFiled);
+            }
+            List<List<String>> data = (isPreview && noModelDataListener.getData().size() > 1000 ? new ArrayList<>(noModelDataListener.getData().subList(0, 1000)) : noModelDataListener.getData());
+            if (isPreview) {
+                for (List<String> datum : data) {
+                    for (int i = 0; i < datum.size(); i++) {
+                        if (i < fields.size()) {
+                            cellType(datum.get(i), i, fields.get(i));
+                        }
+                    }
+                }
+            }
+            ExcelSheetData excelSheetData = new ExcelSheetData();
+            excelSheetData.setFields(fields);
+            excelSheetData.setData(data);
+            excelSheetData.setExcelLabel(readSheet.getSheetName());
+            excelSheetDataList.add(excelSheetData);
+        }
+        return excelSheetDataList;
+    }
+
+    public List<ExcelSheetData> parseExcel(String filename, InputStream inputStream, boolean isPreview)
             throws Exception {
         List<ExcelSheetData> excelSheetDataList = new ArrayList<>();
         String suffix = filename.substring(filename.lastIndexOf(".") + 1);
@@ -2430,10 +2471,7 @@ public class DataSetTableService {
             excelSheetDataList = excelXlsReader.totalSheets;
         }
         if (StringUtils.equalsIgnoreCase(suffix, "xlsx")) {
-            ExcelXlsxReader excelXlsxReader = new ExcelXlsxReader();
-            excelXlsxReader.setObtainedNum(1000);
-            excelXlsxReader.process(inputStream);
-            excelSheetDataList = excelXlsxReader.totalSheets;
+            excelSheetDataList = excelSheetDataList(inputStream, isPreview);
         }
 
         if (StringUtils.equalsIgnoreCase(suffix, "csv")) {
@@ -3019,4 +3057,85 @@ public class DataSetTableService {
             DataEaseException.throwException(e);
         }
     }
+
+    private String cellType(String value) {
+        try {
+            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+            sdf.parse(value);
+            return "DATETIME";
+        } catch (Exception e1) {
+            try {
+                Double d = Double.valueOf(value);
+                double eps = 1e-10;
+                if (d - Math.floor(d) < eps) {
+                    return "LONG";
+                } else {
+                    return "DOUBLE";
+                }
+            } catch (Exception e2) {
+                return "TEXT";
+            }
+        }
+    }
+
+    private void cellType(String value, int i, TableField tableFiled) {
+        if (StringUtils.isEmpty(value)) {
+            return;
+        }
+        if (i == 0) {
+            tableFiled.setFieldType(cellType(value));
+        } else {
+            String type = cellType(value);
+            if (type.equalsIgnoreCase("TEXT")) {
+                tableFiled.setFieldType(type);
+            }
+            if (type.equalsIgnoreCase("DOUBLE") && tableFiled.getFieldType().equalsIgnoreCase("LONG")) {
+                tableFiled.setFieldType(type);
+            }
+        }
+
+
+    }
+
+@Data
+public class NoModelDataListener extends AnalysisEventListener<Map<Integer, String>> {
+    private List<List<String>> data = new ArrayList<>();
+    private List<String> header = new ArrayList<>();
+
+
+    @Override
+    public void invokeHead(Map<Integer, CellData> headMap, AnalysisContext context) {
+        super.invokeHead(headMap, context);
+        for (Integer key : headMap.keySet()) {
+            CellData cellData = headMap.get(key);
+            String value = cellData.getStringValue();
+            if (StringUtils.isEmpty(value)) {
+                value = "none_" + key;
+            }
+            header.add(value);
+        }
+    }
+
+    @Override
+    public void invoke(Map<Integer, String> dataMap, AnalysisContext context) {
+        List<String> line = new ArrayList<>();
+        for (Integer key : dataMap.keySet()) {
+            String value = dataMap.get(key);
+            if (StringUtils.isEmpty(value)) {
+                value = "none";
+            }
+            line.add(value);
+        }
+        data.add(line);
+    }
+
+    @Override
+    public void doAfterAllAnalysed(AnalysisContext analysisContext) {
+    }
+
+    public void clear() {
+        data.clear();
+        header.clear();
+    }
+}
 }
diff --git a/backend/src/main/java/io/dataease/service/dataset/ExtractDataService.java b/backend/src/main/java/io/dataease/service/dataset/ExtractDataService.java
index 791bad46ee..594b0479dd 100644
--- a/backend/src/main/java/io/dataease/service/dataset/ExtractDataService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/ExtractDataService.java
@@ -739,10 +739,7 @@ public class ExtractDataService {
                 totalSheets = excelXlsReader.totalSheets;
             }
             if (StringUtils.equalsIgnoreCase(suffix, "xlsx")) {
-                ExcelXlsxReader excelXlsxReader = new ExcelXlsxReader();
-                excelXlsxReader.setDatasetTableFields(datasetTableFields);
-                excelXlsxReader.process(new FileInputStream(excelSheetData.getPath()));
-                totalSheets = excelXlsxReader.totalSheets;
+                totalSheets = dataSetTableService.excelSheetDataList(new FileInputStream(excelSheetData.getPath()), false);
             }
 
             if (StringUtils.equalsIgnoreCase(suffix, "csv")) {
diff --git a/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java b/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
index e3f5ff4cd7..5279561c30 100644
--- a/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
+++ b/backend/src/main/java/io/dataease/service/datasource/DatasourceService.java
@@ -6,30 +6,28 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.reflect.TypeToken;
 import io.dataease.auth.annotation.DeCleaner;
-import io.dataease.commons.constants.RedisConstants;
-import io.dataease.commons.utils.BeanUtils;
-import io.dataease.controller.sys.response.BasicInfo;
-import io.dataease.dto.TaskInstance;
-import io.dataease.ext.ExtDataSourceMapper;
-import io.dataease.ext.ExtTaskInstanceMapper;
-import io.dataease.ext.UtilMapper;
-import io.dataease.ext.query.GridExample;
 import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.RedisConstants;
 import io.dataease.commons.constants.SysAuthConstants;
 import io.dataease.commons.exception.DEException;
 import io.dataease.commons.model.AuthURD;
 import io.dataease.commons.utils.AuthUtils;
+import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.CommonThreadPool;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.controller.ResultHolder;
 import io.dataease.controller.datasource.request.UpdataDsRequest;
 import io.dataease.controller.request.DatasourceUnionRequest;
 import io.dataease.controller.request.datasource.ApiDefinition;
-import io.dataease.controller.sys.base.BaseGridRequest;
-import io.dataease.controller.sys.base.ConditionEntity;
+import io.dataease.controller.sys.response.BasicInfo;
 import io.dataease.dto.DatasourceDTO;
+import io.dataease.dto.TaskInstance;
 import io.dataease.dto.dataset.DataTableInfoDTO;
-import io.dataease.dto.datasource.*;
+import io.dataease.dto.datasource.DBTableDTO;
+import io.dataease.dto.datasource.MysqlConfiguration;
+import io.dataease.ext.ExtDataSourceMapper;
+import io.dataease.ext.ExtTaskInstanceMapper;
+import io.dataease.ext.UtilMapper;
 import io.dataease.i18n.Translator;
 import io.dataease.plugins.common.base.domain.*;
 import io.dataease.plugins.common.base.mapper.DatasetTableMapper;
@@ -163,7 +161,7 @@ public class DatasourceService {
         List<DatasourceDTO> datasourceDTOS = extDataSourceMapper.queryUnion(request);
         datasourceDTOS.forEach(this::datasourceTrans);
         if (StringUtils.isBlank(request.getSort())) {
-            datasourceDTOS.sort((o1,o2) -> {
+            datasourceDTOS.sort((o1, o2) -> {
                 int tmp = StringUtils.compareIgnoreCase(o1.getTypeDesc(), o2.getTypeDesc());
                 if (tmp == 0) {
                     tmp = StringUtils.compareIgnoreCase(o1.getName(), o2.getName());
@@ -247,19 +245,6 @@ public class DatasourceService {
         return result;
     }
 
-    public List<DatasourceDTO> gridQuery(BaseGridRequest request) {
-        //如果没有查询条件增加一个默认的条件
-        if (CollectionUtils.isEmpty(request.getConditions())) {
-            ConditionEntity conditionEntity = new ConditionEntity();
-            conditionEntity.setField("1");
-            conditionEntity.setOperator("eq");
-            conditionEntity.setValue("1");
-            request.setConditions(Collections.singletonList(conditionEntity));
-        }
-        GridExample gridExample = request.convertExample();
-        gridExample.setExtendCondition(String.valueOf(AuthUtils.getUser().getUserId()));
-        return extDataSourceMapper.query(gridExample);
-    }
 
     @DeCleaner(DePermissionType.DATASOURCE)
     public ResultHolder deleteDatasource(String datasourceId) throws Exception {
@@ -301,11 +286,12 @@ public class DatasourceService {
             DatasetTableExample datasetTableExample = new DatasetTableExample();
             datasetTableExample.createCriteria().andDataSourceIdEqualTo(id);
             List<DatasetTable> datasetTables = datasetTableMapper.selectByExample(datasetTableExample);
-            List<ApiDefinition> apiDefinitionList = new Gson().fromJson(datasource.getConfiguration(), new TypeToken<List<ApiDefinition>>() {}.getType());
+            List<ApiDefinition> apiDefinitionList = new Gson().fromJson(datasource.getConfiguration(), new TypeToken<List<ApiDefinition>>() {
+            }.getType());
             apiDefinitionList.forEach(apiDefinition -> {
-                if(apiDefinition.isReName()){
+                if (apiDefinition.isReName()) {
                     datasetTables.forEach(datasetTable -> {
-                        if(new Gson().fromJson(datasetTable.getInfo(), DataTableInfoDTO.class).getTable().equals(apiDefinition.getOrgName())){
+                        if (new Gson().fromJson(datasetTable.getInfo(), DataTableInfoDTO.class).getTable().equals(apiDefinition.getOrgName())) {
                             DatasetTable record = new DatasetTable();
                             DataTableInfoDTO dataTableInfoDTO = new DataTableInfoDTO();
                             dataTableInfoDTO.setTable(apiDefinition.getName());
@@ -650,7 +636,7 @@ public class DatasourceService {
 
     public void updateDemoDs() {
         Datasource datasource = datasourceMapper.selectByPrimaryKey("76026997-94f9-4a35-96ca-151084638969");
-        if(datasource == null){
+        if (datasource == null) {
             return;
         }
         MysqlConfiguration mysqlConfiguration = new Gson().fromJson(datasource.getConfiguration(), MysqlConfiguration.class);
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index e2095991b5..fb50ef16d8 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -68,7 +68,7 @@ spring.cache.ehcache.config=classpath:/ehcache/ehcache.xml
 pagehelper.PageRowBounds=true
 #excel\u7B49\u7528\u6237\u4E0A\u4F20\u6587\u4EF6\u8DEF\u5F84
 upload.file.path=/opt/dataease/data/kettle/
-dataease.sqlinjection.whitelists=/dataset/table/sqlPreview,/dataset/table/update,/dataset/field/multFieldValues,/dataset/field/linkMultFieldValues
+#dataease.sqlinjection.whitelists=/dataset/table/sqlPreview,/dataset/table/update,/dataset/field/multFieldValues,/dataset/field/linkMultFieldValues
 #\u5F00\u542F\u538B\u7F29 \u63D0\u9AD8\u54CD\u5E94\u901F\u5EA6 \u51CF\u5C11\u5E26\u5BBD\u538B\u529B
 server.compression.enabled=true
 server.compression.mime-types=application/javascript,text/css,application/json,application/xml,text/html,text/xml,text/plain
diff --git a/backend/src/main/resources/db/migration/V56__1.18.9.sql b/backend/src/main/resources/db/migration/V56__1.18.9.sql
new file mode 100644
index 0000000000..3d6018d62f
--- /dev/null
+++ b/backend/src/main/resources/db/migration/V56__1.18.9.sql
@@ -0,0 +1,4 @@
+UPDATE `my_plugin`
+SET `version` = '1.18.9'
+where `plugin_id` > 0
+  and `version` = '1.18.8';
diff --git a/frontend/package.json b/frontend/package.json
index a7449158f9..ba27c63f0d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dataease",
-  "version": "1.18.8",
+  "version": "1.18.9",
   "description": "dataease front",
   "private": true,
   "scripts": {
diff --git a/frontend/src/components/asyncComponent/index.vue b/frontend/src/components/asyncComponent/index.vue
index 553188bcd8..715c7507dc 100644
--- a/frontend/src/components/asyncComponent/index.vue
+++ b/frontend/src/components/asyncComponent/index.vue
@@ -3,6 +3,8 @@
     :is="mode"
     :ref="refId"
     :obj="obj"
+    :bus="bus"
+    :axios-request="request"
     v-bind="$attrs"
     v-on="$listeners"
   />
@@ -11,6 +13,9 @@
 <script>
 import { uuid } from 'vue-uuid'
 import { get } from '@/api/system/dynamic'
+import bus from '@/utils/bus'
+import request from '@/utils/request'
+
 export default {
   name: 'AsyncComponent',
   inheritAttrs: true,
@@ -29,7 +34,9 @@ export default {
     return {
       resData: '',
       mode: '',
-      refId: null
+      refId: null,
+      bus: bus,
+      request: request
     }
   },
   watch: {
@@ -61,6 +68,9 @@ export default {
   created() {
     this.refId = uuid.v1
   },
+  beforeDestroy() {
+    this.mode = null
+  },
   methods: {
     /* chartResize() {
       this.$refs[this.refId] && this.$refs[this.refId].chartResize && this.$refs[this.refId].chartResize()
diff --git a/frontend/src/components/canvas/components/editor/ComponentWrapper.vue b/frontend/src/components/canvas/components/editor/ComponentWrapper.vue
index 7f444018a5..9a864b18f9 100644
--- a/frontend/src/components/canvas/components/editor/ComponentWrapper.vue
+++ b/frontend/src/components/canvas/components/editor/ComponentWrapper.vue
@@ -151,13 +151,19 @@ export default {
   data() {
     return {
       previewVisible: false,
-      chart: null,
       seriesIdMap: {
         id: ''
       }
     }
   },
   computed: {
+    chart() {
+      if (this.config.propValue?.viewId) {
+        const viewInfo = this.panelViewDetailsInfo[this.config.propValue.viewId];
+        return viewInfo?JSON.parse(viewInfo):null
+      }
+      return null
+    },
     componentCanvasId() {
       if (this.config.type === 'view') {
         return 'user-view-' + this.config.propValue.viewId
@@ -216,7 +222,8 @@ export default {
       'mobileLayoutStatus',
       'curComponent',
       'previewCanvasScale',
-      'componentGap'
+      'componentGap',
+      'panelViewDetailsInfo'
     ])
   },
   mounted() {
@@ -286,8 +293,7 @@ export default {
         }
       } else {
         return {
-          ...
-            getStyle(style, ['top', 'left', 'width', 'height', 'rotate']),
+          ...getStyle(style, ['top', 'left', 'width', 'height', 'rotate']),
           position: 'relative'
         }
       }
@@ -300,6 +306,9 @@ export default {
           this[event](events[event])
         })
       }
+    },
+    setChartData() {
+
     },
     elementMouseDown(e) {
       // // private 设置当前组件数据及状态
diff --git a/frontend/src/components/canvas/components/editor/EditBar.vue b/frontend/src/components/canvas/components/editor/EditBar.vue
index d8cddc65ee..42ee290db0 100644
--- a/frontend/src/components/canvas/components/editor/EditBar.vue
+++ b/frontend/src/components/canvas/components/editor/EditBar.vue
@@ -81,6 +81,14 @@
           @click.stop="showViewDetails('details')"
         />
       </span>
+      <span :title="$t('route.exportExcel')">
+        <i
+          v-if="exportExcelShow"
+          style="line-height: 24px"
+          class="el-icon-document-delete"
+          @click.stop="exportExcelDownload()"
+        />
+      </span>
       <setting-menu
         v-if="activeModel==='edit'"
         style="float: right;height: 24px!important;"
@@ -195,6 +203,8 @@ import Background from '@/views/background/index'
 import MapLayerController from '@/views/chart/components/map/MapLayerController'
 import { uploadFileResult } from '@/api/staticResource/staticResource'
 import eventBus from '@/components/canvas/utils/eventBus'
+import { hasDataPermission } from '@/utils/permission'
+import { exportExcelDownload } from '@/components/canvas/utils/utils'
 
 export default {
   components: { Background, LinkJumpSet, FieldsList, SettingMenu, LinkageField, MapLayerController },
@@ -283,6 +293,9 @@ export default {
     detailsShow() {
       return this.curComponent.type === 'view' && this.terminal === 'pc' && this.curComponent.propValue.innerType && this.curComponent.propValue.innerType !== 'richTextView'
     },
+    exportExcelShow() {
+      return this.detailsShow && hasDataPermission('export', this.$store.state.panel.panelInfo.privileges) && this.chart
+    },
     enlargeShow() {
       return this.curComponent.type === 'view' && this.curComponent.propValue.innerType && this.curComponent.propValue.innerType !== 'richTextView' && !this.curComponent.propValue.innerType.includes('table')
     },
@@ -455,6 +468,9 @@ export default {
     showViewDetails(openType = 'details') {
       this.$emit('showViewDetails', { openType: openType })
     },
+    exportExcelDownload() {
+      exportExcelDownload(this.chart)
+    },
     auxiliaryMatrixChange() {
       if (this.curComponent.auxiliaryMatrix) {
         this.curComponent.auxiliaryMatrix = false
diff --git a/frontend/src/components/canvas/components/editor/LinkageField.vue b/frontend/src/components/canvas/components/editor/LinkageField.vue
index ae39d47366..50f3ff391f 100644
--- a/frontend/src/components/canvas/components/editor/LinkageField.vue
+++ b/frontend/src/components/canvas/components/editor/LinkageField.vue
@@ -171,23 +171,19 @@ export default {
       return this.targetLinkageInfo[this.curLinkageView.propValue.viewId]
     },
     ...mapState([
-      'menuTop',
-      'menuLeft',
-      'menuShow',
-      'curComponent',
-      'componentData',
-      'canvasStyleData',
-      'linkageSettingStatus',
       'targetLinkageInfo',
       'curLinkageView'
     ])
   },
   mounted() {
+    const _this = this
     // 初始化映射关系 如果当前是相同的数据集且没有关联关系，则自动补充映射关系
     checkSameDataSet(this.curLinkageView.propValue.viewId, this.element.propValue.viewId).then(res => {
       if (res.data === 'YES' && this.linkageInfo.linkageFields.length === 0) {
         this.sourceLinkageInfo.targetViewFields.forEach(item => {
-          this.addLinkageField(item.id, item.id)
+          _this.$nextTick(() => {
+            this.addLinkageField(item.id, item.id)
+          })
         })
       }
     })
diff --git a/frontend/src/components/canvas/components/editor/Preview.vue b/frontend/src/components/canvas/components/editor/Preview.vue
index 513570607f..870bdb5fc8 100644
--- a/frontend/src/components/canvas/components/editor/Preview.vue
+++ b/frontend/src/components/canvas/components/editor/Preview.vue
@@ -238,6 +238,8 @@ export default {
     return {
       imageDownloading: false,
       chartDetailsVisible: false,
+      canvasMain: null,
+      tempCanvas: null,
       showChartInfo: {},
       showChartTableInfo: {},
       showChartInfoType: 'details',
@@ -439,8 +441,14 @@ export default {
     this.initPdfTemplate()
   },
   beforeDestroy() {
-    erd.uninstall(this.$refs[this.previewTempRefId])
-    erd.uninstall(this.$refs[this.previewRefId])
+    if (this.$refs[this.previewTempRefId]) {
+      erd.uninstall(this.$refs[this.previewTempRefId])
+    }
+    if (this.$refs[this.previewRefId]) {
+      erd.uninstall(this.$refs[this.previewRefId])
+    }
+    erd.uninstall(this.canvasMain)
+    erd.uninstall(this.tempCanvas)
     clearInterval(this.timer)
     this.canvasId === 'canvas-main' && bus.$off('pcChartDetailsDialog', this.openChartDetailsDialog)
     bus.$off('trigger-search-button', this.triggerSearchButton)
@@ -719,26 +727,27 @@ export default {
       bus.$emit('onScroll')
     },
     initListen() {
-      const _this = this
-      const canvasMain = document.getElementById(this.previewDomId)
+      this.canvasMain = document.getElementById(this.previewDomId)
       // 监听主div变动事件
-      if (canvasMain) {
-        erd.listenTo(canvasMain, element => {
-          _this.$nextTick(() => {
-            _this.restore()
+      if (this.canvasMain) {
+        erd.uninstall(this.canvasMain)
+        erd.listenTo(this.canvasMain, () => {
+          this.$nextTick(() => {
+            this.restore()
           })
         })
       }
       setTimeout(() => {
         // 监听画布div变动事件
-        const tempCanvas = document.getElementById(this.previewTempDomId)
-        if (tempCanvas) {
-          erd.listenTo(document.getElementById(this.previewTempDomId), element => {
-            _this.$nextTick(() => {
+        this.tempCanvas = document.getElementById(this.previewTempDomId)
+        if (this.tempCanvas) {
+          erd.uninstall(this.tempCanvas)
+          erd.listenTo(document.getElementById(this.previewTempDomId), () => {
+            this.$nextTick(() => {
               // 将mainHeight 修改为px 临时解决html2canvas 截图不全的问题
-              _this.mainHeight = tempCanvas.scrollHeight + 'px!important'
-              _this.mainHeightCount = tempCanvas.scrollHeight
-              this.$emit('mainHeightChange', _this.mainHeight)
+              this.mainHeight = this.tempCanvas.scrollHeight + 'px!important'
+              this.mainHeightCount = this.tempCanvas.scrollHeight
+              this.$emit('mainHeightChange', this.mainHeight)
             })
           })
         }
diff --git a/frontend/src/components/canvas/customComponent/UserView.vue b/frontend/src/components/canvas/customComponent/UserView.vue
index b27195250f..979f7dd264 100644
--- a/frontend/src/components/canvas/customComponent/UserView.vue
+++ b/frontend/src/components/canvas/customComponent/UserView.vue
@@ -190,7 +190,6 @@
 </template>
 
 <script>
-
 import { viewData } from '@/api/panel/panel'
 import { viewInfo } from '@/api/link'
 import ChartComponent from '@/views/chart/components/ChartComponent.vue'
@@ -353,14 +352,15 @@ export default {
         pageSize: 20,
         show: 0
       },
-      view: {}
+      view: {},
+      cancelTime: null
     }
   },
 
   computed: {
     // 首次加载且非编辑状态新复制的视图，使用外部filter
     initLoad() {
-      return !(this.isEdit && this.currentCanvasNewId.includes(this.element.id)) && this.isFirstLoad
+      return !(this.isEdit && this.currentCanvasNewId.includes(this.element.id)) && this.isFirstLoad && this.canvasId === 'canvas-main'
     },
     scaleCoefficient() {
       if (this.terminal === 'pc' && !this.mobileLayoutStatus) {
@@ -560,6 +560,12 @@ export default {
   },
 
   beforeDestroy() {
+    for (const key in this.chart) {
+      this.$delete(this.chart, key)
+    }
+    for (const key in this.view) {
+      this.$delete(this.view, key)
+    }
     this.innerRefreshTimer && clearInterval(this.innerRefreshTimer)
     bus.$off('plugin-chart-click', this.pluginChartClick)
     bus.$off('plugin-jump-click', this.pluginJumpClick)
@@ -570,6 +576,7 @@ export default {
     bus.$off('onThemeColorChange', this.optFromBatchThemeChange)
     bus.$off('onThemeAttrChange', this.optFromBatchSingleProp)
     bus.$off('clear_panel_linkage', this.clearPanelLinkage)
+    bus.$off('tab-canvas-change', this.tabSwitch)
   },
   created() {
     this.refId = uuid.v1
@@ -749,10 +756,20 @@ export default {
     },
     getData(id, cache = true, dataBroadcast = false) {
       if (id) {
-        if (this.getDataLoading) return
+        if (this.getDataLoading || Vue.prototype.$currentHttpRequestList.get(`/chart/view/getData/${id}/${this.panelInfo.id}`)) {
+          const url = `/chart/view/getData/${id}/${this.panelInfo.id}`
+          Vue.prototype.$cancelRequest(url)
+          Vue.prototype.$currentHttpRequestList.delete(url)
+          this.getDataLoading = false
+          this.getData(id, cache, dataBroadcast)
+          clearTimeout(this.cancelTime)
+          this.cancelTime = setTimeout(() => {
+            this.requestStatus = 'waiting'
+          }, 0)
+          return
+        }
         this.requestStatus = 'waiting'
         this.message = null
-
         // 增加判断 仪表板公共连接中使用viewInfo 正常使用viewData
         let method = viewData
         const token = this.$store.getters.token || getToken()
@@ -855,8 +872,8 @@ export default {
     },
     initCurFields(chartDetails) {
       this.curFields = []
-      this.dataRowSelect = []
-      this.dataRowNameSelect = []
+      this.dataRowSelect = {}
+      this.dataRowNameSelect = {}
       if (chartDetails.data && chartDetails.data.sourceFields) {
         const checkAllAxisStr = chartDetails.xaxis + chartDetails.xaxisExt + chartDetails.yaxis + chartDetails.yaxisExt
         chartDetails.data.sourceFields.forEach(field => {
diff --git a/frontend/src/components/canvas/customComponent/UserViewDialog.vue b/frontend/src/components/canvas/customComponent/UserViewDialog.vue
index db5ab9106b..abfeacff8b 100644
--- a/frontend/src/components/canvas/customComponent/UserViewDialog.vue
+++ b/frontend/src/components/canvas/customComponent/UserViewDialog.vue
@@ -82,11 +82,9 @@ import ChartComponentG2 from '@/views/chart/components/ChartComponentG2'
 import PluginCom from '@/views/system/plugin/PluginCom'
 import ChartComponentS2 from '@/views/chart/components/ChartComponentS2'
 import LabelNormalText from '@/views/chart/components/normal/LabelNormalText'
-import { exportDetails, innerExportDetails } from '@/api/panel/panel'
 import html2canvas from 'html2canvasde'
 import { hexColorToRGBA } from '@/views/chart/chart/util'
-import { deepCopy, exportImg, imgUrlTrans } from '@/components/canvas/utils/utils'
-import { getLinkToken, getToken } from '@/utils/auth'
+import { deepCopy, exportExcelDownload, exportImg, imgUrlTrans } from '@/components/canvas/utils/utils'
 
 export default {
   name: 'UserViewDialog',
@@ -262,75 +260,8 @@ export default {
       this.lastMapChart = JSON.parse(JSON.stringify(data))
     },
     exportExcelDownload(snapshot, width, height, callBack) {
-      const excelHeader = JSON.parse(JSON.stringify(this.chart.data.fields)).map(item => item.name)
-      const excelTypes = JSON.parse(JSON.stringify(this.chart.data.fields)).map(item => item.deType)
-      const excelHeaderKeys = JSON.parse(JSON.stringify(this.chart.data.fields)).map(item => item.dataeaseName)
-      let excelData = JSON.parse(JSON.stringify(this.chart.data.tableRow)).map(item => excelHeaderKeys.map(i => item[i]))
-      const excelName = this.chart.name
-      let detailFields = []
-      if (this.chart.data.detailFields?.length) {
-        detailFields = this.chart.data.detailFields.map(item => {
-          const temp = {
-            name: item.name,
-            deType: item.deType,
-            dataeaseName: item.dataeaseName
-          }
-          return temp
-        })
-        excelData = JSON.parse(JSON.stringify(this.chart.data.tableRow)).map(item => {
-          const temp = excelHeaderKeys.map(i => {
-            if (i === 'detail' && !item[i] && Array.isArray(item['details'])) {
-              const arr = item['details']
-              if (arr?.length) {
-                return arr.map(ele => detailFields.map(field => ele[field.dataeaseName]))
-              }
-              return null
-            }
-            return item[i]
-          })
-          return temp
-        })
-      }
-      const request = {
-        proxy: null,
-        viewId: this.chart.id,
-        viewName: excelName,
-        header: excelHeader,
-        details: excelData,
-        excelTypes: excelTypes,
-        snapshot: snapshot,
-        snapshotWidth: width,
-        snapshotHeight: height,
-        componentFilterInfo: this.lastViewRequestInfo[this.chart.id],
-        excelHeaderKeys: excelHeaderKeys,
-        detailFields
-      }
-      let method = innerExportDetails
-      const token = this.$store.getters.token || getToken()
-      const linkToken = this.$store.getters.linkToken || getLinkToken()
-      if (!token && linkToken) {
-        method = exportDetails
-        this.linkLoading = true
-      }
-
-      if (this.panelInfo.proxy) {
-        request.proxy = { userId: this.panelInfo.proxy }
-      }
-      method(request).then((res) => {
-        const blob = new Blob([res], { type: 'application/vnd.ms-excel' })
-        const link = document.createElement('a')
-        link.style.display = 'none'
-        link.href = URL.createObjectURL(blob)
-        link.download = excelName + '.xlsx' // 下载的文件名
-        document.body.appendChild(link)
-        link.click()
-        document.body.removeChild(link)
-        this.linkLoading = false
-        callBack && callBack()
-      }).catch(() => {
-        this.linkLoading = false
-        callBack && callBack()
-      })
+      const loadingWrapper = { val: this.linkLoading }
+      exportExcelDownload(this.chart, snapshot, width, height, loadingWrapper, callBack)
     },
 
     renderComponent() {
diff --git a/frontend/src/components/canvas/utils/utils.js b/frontend/src/components/canvas/utils/utils.js
index 5d72c1281c..853bc73376 100644
--- a/frontend/src/components/canvas/utils/utils.js
+++ b/frontend/src/components/canvas/utils/utils.js
@@ -12,6 +12,8 @@ import { AIDED_DESIGN, MOBILE_SETTING, PAGE_LINE_DESIGN, PANEL_CHART_INFO, TAB_C
 import html2canvas from 'html2canvasde'
 import xssCheck from 'xss'
 import Vue from 'vue'
+import { exportDetails, innerExportDetails } from '@/api/panel/panel'
+import { getLinkToken, getToken } from '@/utils/auth'
 
 export function deepCopy(target) {
   if (typeof target === 'object' && target !== null) {
@@ -425,3 +427,81 @@ export function formatDatasetTreeFolder(tree) {
 export function getCacheTree(treeName) {
   return JSON.parse(localStorage.getItem(treeName))
 }
+
+export function exportExcelDownload(chart, snapshot, width, height, loadingWrapper, callBack) {
+  if (chart.render === 'antv' && !chart.data?.data?.length) {
+    return
+  }
+  if (chart.type === 'echarts' && !(chart.data?.series?.length && chart.data?.series[0].data?.length)) {
+    return
+  }
+  const fields = JSON.parse(JSON.stringify(chart.data.fields))
+  const tableRow = JSON.parse(JSON.stringify(chart.data.tableRow))
+  const excelHeader = fields.map(item => item.name)
+  const excelTypes = fields.map(item => item.deType)
+  const excelHeaderKeys = fields.map(item => item.dataeaseName)
+  let excelData = tableRow.map(item => excelHeaderKeys.map(i => item[i]))
+  const excelName = chart.name
+  let detailFields = []
+  if (chart.data.detailFields?.length) {
+    detailFields = chart.data.detailFields.map(item => {
+      return {
+        name: item.name,
+        deType: item.deType,
+        dataeaseName: item.dataeaseName
+      }
+    })
+    excelData = tableRow.map(item => {
+      return excelHeaderKeys.map(i => {
+        if (i === 'detail' && !item[i] && Array.isArray(item['details'])) {
+          const arr = item['details']
+          if (arr?.length) {
+            return arr.map(ele => detailFields.map(field => ele[field.dataeaseName]))
+          }
+          return null
+        }
+        return item[i]
+      })
+    })
+  }
+  const request = {
+    proxy: null,
+    viewId: chart.id,
+    viewName: excelName,
+    header: excelHeader,
+    details: excelData,
+    excelTypes: excelTypes,
+    snapshot: snapshot,
+    snapshotWidth: width,
+    snapshotHeight: height,
+    componentFilterInfo: store.state.lastViewRequestInfo[chart.id],
+    excelHeaderKeys: excelHeaderKeys,
+    detailFields
+  }
+  let method = innerExportDetails
+  const token = store.getters.token || getToken()
+  const linkToken = store.getters.linkToken || getLinkToken()
+  if (!token && linkToken) {
+    method = exportDetails
+    loadingWrapper && (loadingWrapper.val = true)
+  }
+  const panelInfo = store.state.panel.panelInfo
+  if (panelInfo.proxy) {
+    request.proxy = { userId: panelInfo.proxy }
+  }
+  method(request).then((res) => {
+    const blob = new Blob([res], { type: 'application/vnd.ms-excel' })
+    const link = document.createElement('a')
+    link.style.display = 'none'
+    link.href = URL.createObjectURL(blob)
+    link.download = excelName + '.xlsx' // 下载的文件名
+    document.body.appendChild(link)
+    link.click()
+    document.body.removeChild(link)
+    loadingWrapper && (loadingWrapper.val = false)
+    callBack && callBack()
+  }).catch(() => {
+    loadingWrapper && (loadingWrapper.val = false)
+    callBack && callBack()
+  })
+}
diff --git a/frontend/src/components/dragItem/index.vue b/frontend/src/components/dragItem/index.vue
index ef45d7fca3..a9be8827fe 100644
--- a/frontend/src/components/dragItem/index.vue
+++ b/frontend/src/components/dragItem/index.vue
@@ -6,7 +6,16 @@
       class="item-axis"
       @close="removeItem"
     >
-      {{ item.name }}
+      <el-tooltip
+        v-if="toolTip"
+        class="item"
+        effect="dark"
+        :content="toolTip || item.name"
+        placement="top"
+      >
+        <span>{{ item.name }}</span>
+      </el-tooltip>
+      <span v-else>{{ item.name }}</span>
     </el-tag>
   </span>
 </template>
@@ -22,6 +31,11 @@ export default {
     index: {
       type: Number,
       required: true
+    },
+    toolTip: {
+      type: String,
+      required: false,
+      default: ''
     }
 
   },
diff --git a/frontend/src/components/elTreeSelect/index.vue b/frontend/src/components/elTreeSelect/index.vue
index 20f09c9dd9..fe57dc5bc9 100644
--- a/frontend/src/components/elTreeSelect/index.vue
+++ b/frontend/src/components/elTreeSelect/index.vue
@@ -410,7 +410,7 @@ export default {
     },
     _filterFun(value, data, node) {
       if (!value) return true
-      return data[this.propsLabel].indexOf(value) !== -1
+      return data[this.propsLabel?.toLocaleUpperCase()].indexOf(value.toLocaleUpperCase()) !== -1
     },
     _treeNodeClickFun(data, node, vm) {
       const { multiple } = this.selectParams
diff --git a/frontend/src/components/elVisualSelect/index.vue b/frontend/src/components/elVisualSelect/index.vue
index e5320bad55..326c5af39d 100644
--- a/frontend/src/components/elVisualSelect/index.vue
+++ b/frontend/src/components/elVisualSelect/index.vue
@@ -121,7 +121,7 @@ export default {
     },
     keyWord(val, old) {
       if (val === old) return
-      const results = val ? this.list.filter(item => item.text.includes(val)) : null
+      const results = val ? this.vagueFilter(val, this.list) : null
       this.resetList(results)
       this.reCacularHeight()
       this.$nextTick(() => {
@@ -136,6 +136,11 @@ export default {
     })
   },
   methods: {
+    vagueFilter(val, nodes) {
+      if (!val || !val.trim()) return nodes
+      const results = nodes.filter(item => item.text?.toLocaleUpperCase().includes(val.toLocaleUpperCase()))
+      return results
+    },
     resetSelectAll() {
       this.selectAll = false
     },
@@ -148,7 +153,7 @@ export default {
     selectAllChange(val) {
       let vals = val ? [...this.list.map(ele => ele.id)] : []
       if (this.keyWord.trim() && val) {
-        vals = this.list.filter(item => item.text.includes(this.keyWord.trim())).map(ele => ele.id)
+        vals = this.vagueFilter(this.keyWord.trim(), this.list).map(ele => ele.id)
       }
       this.visualChange(vals)
       this.selectValue = vals
@@ -233,14 +238,14 @@ export default {
     isAllSelect() {
       let vals = this.list.length
       if (this.keyWord.trim()) {
-        vals = this.list.filter(item => item.text.includes(this.keyWord.trim())).map(ele => ele.id).filter(ele => this.selectValue.includes(ele)).length
+        vals = this.vagueFilter(this.keyWord.trim(), this.list).map(ele => ele.id).filter(ele => this.selectValue.includes(ele)).length
       }
       return vals
     },
     halfSelect() {
       let vals = this.list.length
       if (this.keyWord.trim()) {
-        vals = this.list.filter(item => item.text.includes(this.keyWord.trim())).map(ele => ele.id).length
+        vals = this.vagueFilter(this.keyWord.trim(), this.list).map(ele => ele.id).length
       }
       return vals
     },
diff --git a/frontend/src/components/widget/deWidget/DeSelectGrid.vue b/frontend/src/components/widget/deWidget/DeSelectGrid.vue
index d4887feb9a..46023bfe7d 100644
--- a/frontend/src/components/widget/deWidget/DeSelectGrid.vue
+++ b/frontend/src/components/widget/deWidget/DeSelectGrid.vue
@@ -31,7 +31,7 @@
           v-model="value"
           @change="handleCheckedChange"
         >
-          <template v-for="item in data.filter(node => !keyWord || (node.id && node.id.includes(keyWord)))">
+          <template v-for="item in data.filter(node => !keyWord || (node.id && node.id.toLocaleUpperCase().includes(keyWord.toLocaleUpperCase())))">
             <el-checkbox
               :key="item.id"
               :label="item.id"
@@ -51,7 +51,7 @@
           @change="changeRadioBox"
         >
           <el-radio
-            v-for="(item, index) in data.filter(node => !keyWord || (node.id && node.id.includes(keyWord)))"
+            v-for="(item, index) in data.filter(node => !keyWord || (node.id && node.id.toLocaleUpperCase().includes(keyWord.toLocaleUpperCase())))"
             :key="index"
             :label="item.id"
             @click.native.prevent="testChange(item)"
diff --git a/frontend/src/components/widget/deWidget/DeSelectTree.vue b/frontend/src/components/widget/deWidget/DeSelectTree.vue
index 06c055d3d0..e7d79b3845 100644
--- a/frontend/src/components/widget/deWidget/DeSelectTree.vue
+++ b/frontend/src/components/widget/deWidget/DeSelectTree.vue
@@ -381,7 +381,7 @@ export default {
 
     _filterFun(value, data, node) {
       if (!value) return true
-      return data.id.toString().indexOf(value.toString()) !== -1
+      return data.id.toString().toLocaleUpperCase().indexOf(value.toString().toLocaleUpperCase()) !== -1
     },
     // 树点击
     _nodeClickFun(data, node, vm) {
diff --git a/frontend/src/icons/svg/file-excel.svg b/frontend/src/icons/svg/file-excel.svg
new file mode 100644
index 0000000000..253306726f
--- /dev/null
+++ b/frontend/src/icons/svg/file-excel.svg
@@ -0,0 +1 @@
+<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1687676106978" filter="currentColor" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="3283" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M854.6 288.6L639.4 73.4c-6-6-14.1-9.4-22.6-9.4H192c-17.7 0-32 14.3-32 32v832c0 17.7 14.3 32 32 32h640c17.7 0 32-14.3 32-32V311.3c0-8.5-3.4-16.7-9.4-22.7zM790.2 326H602V137.8L790.2 326z m1.8 562H232V136h302v216a42 42 0 0 0 42 42h216v494zM514.1 580.1l-61.8-102.4c-2.2-3.6-6.1-5.8-10.3-5.8h-38.4c-2.3 0-4.5 0.6-6.4 1.9-5.6 3.5-7.3 10.9-3.7 16.6l82.3 130.4-83.4 132.8a12.04 12.04 0 0 0 10.2 18.4h34.5c4.2 0 8-2.2 10.2-5.7L510 664.8l62.3 101.4c2.2 3.6 6.1 5.7 10.2 5.7H620c2.3 0 4.5-0.7 6.5-1.9 5.6-3.6 7.2-11 3.6-16.6l-84-130.4 85.3-132.5a12.04 12.04 0 0 0-10.1-18.5h-35.7c-4.2 0-8.1 2.2-10.3 5.8l-61.2 102.3z" p-id="3284"></path></svg>
diff --git a/frontend/src/lang/en.js b/frontend/src/lang/en.js
index e78404581a..1d11528945 100644
--- a/frontend/src/lang/en.js
+++ b/frontend/src/lang/en.js
@@ -626,7 +626,8 @@ export default {
     status: 'Authorization status',
     valid: 'Valid',
     invalid: 'Invalid',
-    expired: 'Expired'
+    expired: 'Expired',
+    expired_msg: 'license has expired since {0}.  It is recommended to update the license, which does not affect the use of enterprise version functions'
   },
   member: {
     create: 'Add members',
@@ -935,6 +936,8 @@ export default {
     password_input_error: 'Original password input error'
   },
   chart: {
+    empty_hide: 'hide empty',
+    hide: 'hide',
     chart_refresh_tips: 'View refresh setting takes precedence over panel refresh setting',
     '1-trend': 'trend',
     '2-state': 'State',
diff --git a/frontend/src/lang/tw.js b/frontend/src/lang/tw.js
index 9c09e989fa..2bf2e5c31e 100644
--- a/frontend/src/lang/tw.js
+++ b/frontend/src/lang/tw.js
@@ -626,7 +626,8 @@ export default {
     status: '授權狀態',
     valid: '有效',
     invalid: '無效',
-    expired: '已過期'
+    expired: '已過期',
+    expired_msg: 'License已過期，過期時間：{0}，為了不影響企業版功能的使用，建議您更新License'
   },
   member: {
     create: '添加成員',
@@ -934,6 +935,8 @@ export default {
     password_input_error: '原始密碼輸入錯誤'
   },
   chart: {
+    empty_hide: '隱藏空值',
+    hide: '隱藏',
     chart_refresh_tips: '視圖刷新設置優先於儀表板刷新設置',
     '1-trend': '趨勢',
     '2-state': '狀態',
diff --git a/frontend/src/lang/zh.js b/frontend/src/lang/zh.js
index fc55889561..b5b49c6a93 100644
--- a/frontend/src/lang/zh.js
+++ b/frontend/src/lang/zh.js
@@ -625,7 +625,8 @@ export default {
     status: '授权状态',
     valid: '有效',
     invalid: '无效',
-    expired: '已过期'
+    expired: '已过期',
+    expired_msg: 'License已过期，过期时间：{0}，为了不影响企业版功能的使用，建议您更新License'
   },
   member: {
     create: '添加成员',
@@ -933,6 +934,8 @@ export default {
     password_input_error: '原始密码输入错误'
   },
   chart: {
+    empty_hide: '隐藏空值',
+    hide: '隐藏',
     chart_refresh_tips: '视图刷新设置优先于仪表板刷新设置',
     '1-trend': '趋势',
     '2-state': '状态',
@@ -1936,7 +1939,7 @@ export default {
     jsonpath_info: '请填入JsonPath',
     req_param: '请求参数',
     headers: '请求头',
-    query_param: "QUERY參數",
+    query_param: "QUERY参数",
     query_info: "地址栏中跟在？后面的参数,如: updateapi?id=112",
     key: '键',
     value: '值',
diff --git a/frontend/src/layout/components/Licbar.vue b/frontend/src/layout/components/Licbar.vue
index dfcc15f1b6..b4caa79e60 100644
--- a/frontend/src/layout/components/Licbar.vue
+++ b/frontend/src/layout/components/Licbar.vue
@@ -1,9 +1,18 @@
 <template>
+
   <div
-    v-if="!licValidate && licStatus !== 'no_record'"
-    class="lic"
+    v-if="!licValidate && licStatus !== 'no_record' && !tipClosed"
+    class="lic_tips"
   >
-    <strong>{{ $t(licMsg) }}</strong>
+    <el-alert
+      class="lic_alert"
+      :title="$t(licMsg)"
+      type="warning"
+      show-icon
+      center
+      @close="closeTip"
+    />
+
   </div>
 </template>
 
@@ -20,9 +29,7 @@ export default {
     }
   },
   computed: {
-    /* theme() {
-      return this.$store.state.settings.theme
-    }, */
+
     licValidate() {
       return this.$store.state.lic.validate
     },
@@ -30,40 +37,40 @@ export default {
       return this.$store.state.lic.licStatus || ''
     },
     licMsg() {
+      if (this.$store.state.lic?.licMsg?.includes('expired')) {
+        const message = this.$store.state.lic.licMsg
+        const exp = message.substring(message.indexOf('since ') + 6, message.indexOf(','))
+        return this.$t('license.expired_msg').replace('{0}', exp)
+      }
       return this.$store.state.lic.licMsg ? ('license.' + this.$store.state.lic.licMsg) : null
+    },
+    tipClosed() {
+      return localStorage.getItem('lic_closed')
     }
 
   },
 
   mounted() {
-    // this.validate()
   },
   methods: {
-    // validate() {
-    //   validateLic().then(res => {
-    //     this.lic = true
-    //     this.$store.dispatch('lic/setValidate', true)
-    //   }).catch((e) => {
-    //     this.msg = e.response.data.message
-    //     this.lic = false
-    //     this.$store.dispatch('lic/setValidate', false)
-    //   })
-    // }
+    closeTip() {
+      localStorage.setItem('lic_closed', true)
+    }
+
   }
 }
 </script>
 <style lang="scss" scoped>
-
-    .lic {
-        height: 24px;
-        background-color: #c92100;
-        color: #fff;
-        text-align: center;
-        /* padding: 6px 11px; */
-        position: fixed;
-        z-index: 1002;
-        top: 0;
-        width: 100%;
-    }
+  .lic_tips {
+    position: absolute;
+    z-index: 2000;
+    position:absolute;
+    top: 0;left:0;right:0;
+    margin: auto;
+  }
+  .lic_alert ::v-deep .el-icon-close{
+    top: 16px !important;
+    right: 10px !important;
+  }
 
 </style>
diff --git a/frontend/src/layout/components/Topbar.vue b/frontend/src/layout/components/Topbar.vue
index 1888c83b07..34a133efa8 100644
--- a/frontend/src/layout/components/Topbar.vue
+++ b/frontend/src/layout/components/Topbar.vue
@@ -281,7 +281,7 @@ export default {
     unloadHandler(e) {
       this.gap_time = new Date().getTime() - this.beforeUnload_time
       if (this.gap_time <= 5) {
-        this.logout().then(res => {})
+        // this.logout().then(res => {})
       }
     },
 
diff --git a/frontend/src/views/chart/chart/map/map.js b/frontend/src/views/chart/chart/map/map.js
index 1d534f9a9e..5433ca8441 100644
--- a/frontend/src/views/chart/chart/map/map.js
+++ b/frontend/src/views/chart/chart/map/map.js
@@ -72,9 +72,13 @@ export function baseMapOption(chart_option, geoJson, chart, themeStyle, curAreaC
       const reg = new RegExp('\n', 'g')
       const text = tooltip.formatter.replace(reg, '<br/>')
       tooltip.formatter = params => {
+        const val = params.value
+        if (tooltip.emptyHide && (val === null || typeof val === 'undefined' || isNaN(val))) {
+          return ''
+        }
         const a = params.seriesName
         const b = params.name
-        const c = params.value ?? ''
+        const c = (val === null || typeof val === 'undefined' || isNaN(val)) ? '' : val
         return text.replace(new RegExp('{a}', 'g'), a).replace(new RegExp('{b}', 'g'), b).replace(new RegExp('{c}', 'g'), c)
       }
       chart_option.tooltip = tooltip
diff --git a/frontend/src/views/chart/chart/util.js b/frontend/src/views/chart/chart/util.js
index 52ad0e780b..2d06070bdd 100644
--- a/frontend/src/views/chart/chart/util.js
+++ b/frontend/src/views/chart/chart/util.js
@@ -3323,6 +3323,7 @@ export const TYPE_CONFIGS = [
       ],
       'tooltip-selector': [
         'show',
+        'emptyHide',
         'textStyle',
         'formatter'
       ],
diff --git a/frontend/src/views/chart/components/ChartComponent.vue b/frontend/src/views/chart/components/ChartComponent.vue
index 12bef864e0..178daf6de0 100644
--- a/frontend/src/views/chart/components/ChartComponent.vue
+++ b/frontend/src/views/chart/components/ChartComponent.vue
@@ -481,9 +481,11 @@ export default {
     trackClick(trackAction) {
       const param = this.pointParam
       if (!param || !param.data || !param.data.dimensionList) {
-        // 地图提示没有关联字段 其他没有维度信息的 直接返回
         if (this.chart.type === 'map') {
-          this.$warning(this.$t('panel.no_drill_field'))
+          const zoom = this.myChart.getOption().geo[0].zoom
+          if (zoom <= 1) {
+            this.$warning(this.$t('panel.no_drill_field'))
+          }
         }
         return
       }
diff --git a/frontend/src/views/chart/components/ChartComponentG2.vue b/frontend/src/views/chart/components/ChartComponentG2.vue
index 2c32934575..086615a457 100644
--- a/frontend/src/views/chart/components/ChartComponentG2.vue
+++ b/frontend/src/views/chart/components/ChartComponentG2.vue
@@ -61,7 +61,7 @@ import ChartTitleUpdate from './ChartTitleUpdate.vue'
 import { equalsAny } from '@/utils/StringUtils'
 import { mapState } from 'vuex'
 import { baseFlowMapOption } from '@/views/chart/chart/map/map_antv'
-
+import { clear } from 'size-sensor'
 export default {
   name: 'ChartComponentG2',
   components: { TitleRemark, ViewTrackBar, ChartTitleUpdate },
@@ -166,7 +166,28 @@ export default {
     }
   },
   beforeDestroy() {
-    this.myChart.destroy()
+    if (this.myChart.container) {
+      if (typeof this.myChart.container.getAttribute === 'function') {
+        clear(this.myChart.container)
+      }
+    }
+    this.myChart?.clear?.()
+    this.myChart?.unbindSizeSensor?.()
+    this.myChart?.unbind?.()
+    this.myChart?.destroy?.()
+    if (this.myChart) {
+      for (const key in this.myChart.chart) {
+        this.myChart.chart[key] = null
+        this.$delete(this.myChart.chart, key)
+      }
+      for (const key in this.myChart) {
+        this.myChart[key] = null
+        this.$delete(this.myChart, key)
+      }
+    }
+    for (const key in this.pointParam) {
+      this.$delete(this.pointParam, key)
+    }
     window.removeEventListener('resize', this.calcHeightDelay)
     this.myChart = null
   },
@@ -222,7 +243,7 @@ export default {
       window.addEventListener('resize', this.calcHeightDelay)
     },
     drawView() {
-      const chart = this.chart
+      const chart = JSON.parse(JSON.stringify(this.chart))
       // type
       // if (chart.data) {
       this.antVRenderStatus = true
diff --git a/frontend/src/views/chart/components/componentStyle/dialog/RemarkEditor.vue b/frontend/src/views/chart/components/componentStyle/dialog/RemarkEditor.vue
index 5504f61927..2d63ab1e07 100644
--- a/frontend/src/views/chart/components/componentStyle/dialog/RemarkEditor.vue
+++ b/frontend/src/views/chart/components/componentStyle/dialog/RemarkEditor.vue
@@ -14,6 +14,22 @@
 <script>
 import tinymce from 'tinymce/tinymce' // tinymce默认hidden，不引入不显示
 import Editor from '@tinymce/tinymce-vue'
+import 'tinymce/themes/silver/theme' // 编辑器主题
+import 'tinymce/icons/default' // 引入编辑器图标icon，不引入则不显示对应图标
+// 引入编辑器插件（基本免费插件都在这儿了）
+import 'tinymce/plugins/advlist' // 高级列表
+import 'tinymce/plugins/autolink' // 自动链接
+import 'tinymce/plugins/link' // 超链接
+import 'tinymce/plugins/image' // 插入编辑图片
+import 'tinymce/plugins/lists' // 列表插件
+import 'tinymce/plugins/charmap' // 特殊字符
+import 'tinymce/plugins/media' // 插入编辑媒体
+import 'tinymce/plugins/wordcount' // 字数统计
+import 'tinymce/plugins/table' // 表格
+import 'tinymce/plugins/contextmenu' // contextmenu
+import 'tinymce/plugins/directionality'
+import 'tinymce/plugins/nonbreaking'
+import 'tinymce/plugins/pagebreak'
 import { imgUrlTrans } from '@/components/canvas/utils/utils'
 import { mapState } from 'vuex'
 // 编辑器引入
diff --git a/frontend/src/views/chart/components/dragItem/QuotaExtItem.vue b/frontend/src/views/chart/components/dragItem/QuotaExtItem.vue
index 4ce2771a3f..39e695a509 100644
--- a/frontend/src/views/chart/components/dragItem/QuotaExtItem.vue
+++ b/frontend/src/views/chart/components/dragItem/QuotaExtItem.vue
@@ -449,7 +449,7 @@ export default {
 
     valueFormatter() {
       this.item.index = this.index
-      this.item.formatterType = 'quota'
+      this.item.formatterType = 'quotaExt'
       this.$emit('valueFormatter', this.item)
     }
   }
diff --git a/frontend/src/views/chart/components/filter/QuotaFilterEditor.vue b/frontend/src/views/chart/components/filter/QuotaFilterEditor.vue
index 14b037028b..25f1bd4045 100644
--- a/frontend/src/views/chart/components/filter/QuotaFilterEditor.vue
+++ b/frontend/src/views/chart/components/filter/QuotaFilterEditor.vue
@@ -117,6 +117,13 @@ export default {
           value: 'ge',
           label: this.$t('chart.filter_ge')
         }]
+      },
+      {
+        label: '',
+        options: [{
+          value: 'not_null',
+          label: this.$t('chart.filter_not_null')
+        }]
       }],
       logic: ''
     }
diff --git a/frontend/src/views/chart/components/filter/ResultFilterEditor.vue b/frontend/src/views/chart/components/filter/ResultFilterEditor.vue
index f9f3c77fdf..73c5c3b8b7 100644
--- a/frontend/src/views/chart/components/filter/ResultFilterEditor.vue
+++ b/frontend/src/views/chart/components/filter/ResultFilterEditor.vue
@@ -194,6 +194,13 @@ export default {
             value: 'ge',
             label: this.$t('chart.filter_ge')
           }]
+        },
+        {
+          label: '',
+          options: [{
+            value: 'not_null',
+            label: this.$t('chart.filter_not_null')
+          }]
         }
       ],
       valueOptions: [
@@ -226,6 +233,13 @@ export default {
             value: 'ge',
             label: this.$t('chart.filter_ge')
           }]
+        },
+        {
+          label: '',
+          options: [{
+            value: 'not_null',
+            label: this.$t('chart.filter_not_null')
+          }]
         }
       ],
       options: [],
diff --git a/frontend/src/views/chart/components/shapeAttr/TooltipSelector.vue b/frontend/src/views/chart/components/shapeAttr/TooltipSelector.vue
index 618d32e305..b04e740df2 100644
--- a/frontend/src/views/chart/components/shapeAttr/TooltipSelector.vue
+++ b/frontend/src/views/chart/components/shapeAttr/TooltipSelector.vue
@@ -18,6 +18,16 @@
           >{{ $t('chart.show') }}</el-checkbox>
         </el-form-item>
         <div v-show="tooltipForm.show">
+          <el-form-item
+            v-show="showProperty('emptyHide')"
+            :label="$t('chart.empty_hide')"
+            class="form-item"
+          >
+            <el-checkbox
+              v-model="tooltipForm.emptyHide"
+              @change="changeTooltipAttr('emptyHide')"
+            >{{ $t('chart.hide') }}</el-checkbox>
+          </el-form-item>
           <el-form-item
             v-show="showProperty('trigger')"
             :label="$t('chart.trigger_position')"
diff --git a/frontend/src/views/chart/view/ChartEdit.vue b/frontend/src/views/chart/view/ChartEdit.vue
index 4a7626ee4d..2be29cbf09 100644
--- a/frontend/src/views/chart/view/ChartEdit.vue
+++ b/frontend/src/views/chart/view/ChartEdit.vue
@@ -473,7 +473,8 @@
                   <plugin-com
                     v-if="view.isPlugin"
                     :component-name="view.type + '-data'"
-                    :obj="{view, param, chart, dimensionData, quotaData}"
+                    :obj="{view, param, chart, dimension, dimensionData, quota, quotaData}"
+                    :bus="bus"
                   />
                   <div v-else>
 
@@ -819,6 +820,7 @@
                             @editItemFilter="showQuotaEditFilter"
                             @onNameEdit="showRename"
                             @editItemCompare="showQuotaEditCompare"
+                            @valueFormatter="valueFormatter"
                           />
                         </transition-group>
                       </draggable>
@@ -1795,7 +1797,7 @@ export default {
     DrillPath,
     PluginCom,
     MapMapping,
-    MarkMapDataEditor,
+    MarkMapDataEditor
   },
   props: {
     param: {
@@ -1815,6 +1817,7 @@ export default {
   },
   data() {
     return {
+      bus: bus,
       positionActiveNames: 'positionAdjust',
       loading: false,
       table: {},
@@ -2954,7 +2957,7 @@ export default {
 
     // 更换数据集
     changeChart() {
-      const optType = this.view.tableId === this.changeTable.id && this.view.dataFrom!=='template' ? 'same' : 'change'
+      const optType = this.view.tableId === this.changeTable.id && this.view.dataFrom !== 'template' ? 'same' : 'change'
       // 更换数据集后清空视图字段，并重新请求数据；否则没有操作
       if (optType === 'change') {
         this.view.dataFrom = 'dataset'
diff --git a/frontend/src/views/chart/view/PositionAdjust.vue b/frontend/src/views/chart/view/PositionAdjust.vue
index 00f5618e8a..ab5795a2e0 100644
--- a/frontend/src/views/chart/view/PositionAdjust.vue
+++ b/frontend/src/views/chart/view/PositionAdjust.vue
@@ -81,7 +81,7 @@ export default {
   props: {},
   data() {
     return {
-      maxHeight: 2000,
+      maxHeight: 10000,
       maxTop: 20000
     }
   },
diff --git a/frontend/src/views/chart/view/TitleRemark.vue b/frontend/src/views/chart/view/TitleRemark.vue
index 151bb41d36..2d6beaa0b2 100644
--- a/frontend/src/views/chart/view/TitleRemark.vue
+++ b/frontend/src/views/chart/view/TitleRemark.vue
@@ -10,7 +10,7 @@
       <div
         class="remark-style"
         :style="{backgroundColor:remarkCfg.bgFill}"
-        v-html="remarkCfg.content"
+        v-html="$xss(remarkCfg.content)"
       />
       <i
         slot="reference"
diff --git a/frontend/src/views/dataset/common/DatasetChartDetail.vue b/frontend/src/views/dataset/common/DatasetChartDetail.vue
index 1eae8a0fd2..c58d8da032 100644
--- a/frontend/src/views/dataset/common/DatasetChartDetail.vue
+++ b/frontend/src/views/dataset/common/DatasetChartDetail.vue
@@ -21,8 +21,8 @@
           <el-col class="info-item">
             <p class="info-title">{{ $t('chart.chart_type') }}</p>
             <svg-icon
-              v-if="detail.chart.type"
-              :icon-class="detail.chart.type"
+              :icon-class="detail.chart.isPlugin && detail.chart.type && detail.chart.type !== 'buddle-map' ? ('/api/pluginCommon/staticInfo/' + detail.chart.type + '/svg') : detail.chart.type"
+              class="chart-icon"
             />
           </el-col>
           <el-col class="info-item">
diff --git a/frontend/src/views/dataset/data/components/LazyTree.vue b/frontend/src/views/dataset/data/components/LazyTree.vue
index 42c6a0df6f..6452d83cf7 100644
--- a/frontend/src/views/dataset/data/components/LazyTree.vue
+++ b/frontend/src/views/dataset/data/components/LazyTree.vue
@@ -34,7 +34,7 @@
           <span>
             <span
               style="margin-left: 6px"
-              v-html="data.name"
+              v-html="$xss(data.name)"
             />
           </span>
           <span
diff --git a/frontend/src/views/dataset/group/GroupMoveSelector.vue b/frontend/src/views/dataset/group/GroupMoveSelector.vue
index 83bc0328aa..8a668582b7 100644
--- a/frontend/src/views/dataset/group/GroupMoveSelector.vue
+++ b/frontend/src/views/dataset/group/GroupMoveSelector.vue
@@ -34,7 +34,7 @@
                 text-overflow: ellipsis;
               "
               :title="data.name"
-              v-html="highlights(data.name)"
+              v-html="$xss(highlights(data.name))"
             />
           </span>
         </span>
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index 50df6c744b..883ac0cc98 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -216,6 +216,7 @@ import { changeFavicon, showMultiLoginMsg } from '@/utils/index'
 import { initTheme } from '@/utils/ThemeUtil'
 import PluginCom from '@/views/system/plugin/PluginCom'
 import Cookies from 'js-cookie'
+import xss from 'xss'
 export default {
   name: 'Login',
   components: { PluginCom },
@@ -449,7 +450,27 @@ export default {
         this.showFoot = this.uiInfo['ui.showFoot'].paramValue === true || this.uiInfo['ui.showFoot'].paramValue === 'true'
         if (this.showFoot) {
           const content = this.uiInfo['ui.footContent'] && this.uiInfo['ui.footContent'].paramValue
-          this.footContent = content
+          const myXss = new xss.FilterXSS({
+            css: {
+              whiteList: {
+                'background-color': true,
+                'text-align': true,
+                'color': true,
+                'margin-top': true,
+                'margin-bottom': true,
+                'line-height': true,
+                'box-sizing': true,
+                'padding-top': true,
+                'padding-bottom': true
+              }
+            },
+            whiteList: {
+              ...xss.whiteList,
+              p: ['style'],
+              span: ['style']
+            }
+          })
+          this.footContent = myXss.process(content)
         }
       }
     },
diff --git a/frontend/src/views/panel/export/PDFPreExport.vue b/frontend/src/views/panel/export/PDFPreExport.vue
index 83fc3e37d2..76e0a58f1e 100644
--- a/frontend/src/views/panel/export/PDFPreExport.vue
+++ b/frontend/src/views/panel/export/PDFPreExport.vue
@@ -15,7 +15,7 @@
         <div
           class="export_body_inner_class"
           :style="templateHtmlStyle"
-          v-html="templateContentChange"
+          v-html="$xss(templateContentChange)"
         />
       </div>
     </el-row>
diff --git a/frontend/src/views/panel/filter/FilterDialog.vue b/frontend/src/views/panel/filter/FilterDialog.vue
index 96dd3e5a14..975dc186af 100644
--- a/frontend/src/views/panel/filter/FilterDialog.vue
+++ b/frontend/src/views/panel/filter/FilterDialog.vue
@@ -266,6 +266,7 @@
       <div v-if="currentElement.options && currentElement.options.attrs">
         <filter-head
           :element="currentElement"
+          @dataset-name="dataSetName"
         />
 
         <filter-control
@@ -463,6 +464,23 @@ export default {
     bus.$off('valid-values-change', this.validateFilterValue)
   },
   methods: {
+    dataSetName(tableId, callback) {
+      let result = null
+      if (tableId) {
+        const stack = [...this.defaultData]
+        while (stack.length) {
+          const tableNode = stack.pop()
+          if (tableNode.id === tableId) {
+            result = tableNode.name
+            break
+          }
+          if (tableNode.children?.length) {
+            tableNode.children.forEach(kid => stack.push(kid))
+          }
+        }
+      }
+      callback && callback(result)
+    },
     async checkSuperior(list, anotherTableIds) {
       let fieldValid = false
       const fieldId = this.myAttrs?.fieldId
diff --git a/frontend/src/views/panel/filter/filterMain/FilterHead.vue b/frontend/src/views/panel/filter/filterMain/FilterHead.vue
index 8be3861cfb..38181d2511 100644
--- a/frontend/src/views/panel/filter/filterMain/FilterHead.vue
+++ b/frontend/src/views/panel/filter/filterMain/FilterHead.vue
@@ -25,6 +25,7 @@
                     :key="item.id"
                     :item="item"
                     :index="index"
+                    :tool-tip="getTableName(item.tableId)"
 
                     @closeItem="closeItem"
                   />
@@ -70,7 +71,12 @@ export default {
 
   },
   methods: {
-
+    getTableName(tableId) {
+      let tableName = null
+      this.$emit('dataset-name', tableId, t => { tableName = t })
+      console.log(tableName)
+      return tableName
+    },
     onMove(e, originalEvent) {
       return true
     },
diff --git a/frontend/src/views/panel/list/PanelList.vue b/frontend/src/views/panel/list/PanelList.vue
index 0984353329..f972c4761e 100644
--- a/frontend/src/views/panel/list/PanelList.vue
+++ b/frontend/src/views/panel/list/PanelList.vue
@@ -670,7 +670,10 @@ export default {
         if (this.editPanel.optType === 'toDefaultPanel') {
           this.defaultTree(false)
         }
-        updateCacheTree(this.editPanel.optType, 'panel-main-tree', panelInfo, this.tData)
+
+        updateCacheTree(this.editPanel.optType,
+          panelInfo.panelType === 'system' ? 'panel-default-tree' : 'panel-main-tree', panelInfo,
+          panelInfo.panelType === 'system' ? this.defaultData : this.tData)
         if (this.editPanel.optType === 'rename' && panelInfo.id === this.$store.state.panel.panelInfo.id) {
           this.$store.state.panel.panelInfo.name = panelInfo.name
         }
@@ -850,7 +853,7 @@ export default {
 
     delete(data) {
       const params = {
-        title: data.nodeType === 'folder'?'commons.delete_this_folder':'commons.delete_this_dashboard',
+        title: data.nodeType === 'folder' ? 'commons.delete_this_folder' : 'commons.delete_this_dashboard',
         type: 'danger',
         cb: () => {
           delGroup(data.id).then((response) => {
diff --git a/frontend/src/views/system/user/index.vue b/frontend/src/views/system/user/index.vue
index 7afbb41c7e..ca726d34c8 100644
--- a/frontend/src/views/system/user/index.vue
+++ b/frontend/src/views/system/user/index.vue
@@ -202,7 +202,7 @@
               <!-- // {{}}会将数据解释为普通文本，而非 HTML 代码。 -->
               <div
                 slot="content"
-                v-html="filterRoles(scope.row.roles)"
+                v-html="$xss(filterRoles(scope.row.roles))"
               />
               <div class="de-one-line">{{ filterRoles(scope.row.roles) }}</div>
             </el-tooltip>
diff --git a/frontend/src/views/wizard/WizardCard.vue b/frontend/src/views/wizard/WizardCard.vue
index ca795e4dd6..d124a4e225 100644
--- a/frontend/src/views/wizard/WizardCard.vue
+++ b/frontend/src/views/wizard/WizardCard.vue
@@ -9,7 +9,7 @@
         {{ details.head }}
       </el-row>
       <el-row class="card_content">
-        <span v-html="details.content" />
+        <span v-html="$xss(details.content)" />
       </el-row>
       <el-row class="card_bottom">
         {{ $t('wizard.click_show') }}
diff --git a/frontend/src/views/wizard/WizardCardEnterprise.vue b/frontend/src/views/wizard/WizardCardEnterprise.vue
index 8f1d344436..9d46cc886b 100644
--- a/frontend/src/views/wizard/WizardCardEnterprise.vue
+++ b/frontend/src/views/wizard/WizardCardEnterprise.vue
@@ -9,7 +9,7 @@
         {{ details.head }}
       </el-row>
       <el-row class="card_content">
-        <span v-html="details.content" />
+        <span v-html="$xss(details.content)" />
       </el-row>
       <el-row class="card_bottom">
         {{ $t('wizard.apply') }}
diff --git a/frontend/src/views/wizard/details/CardDetail.vue b/frontend/src/views/wizard/details/CardDetail.vue
index 7699033021..f725d31833 100644
--- a/frontend/src/views/wizard/details/CardDetail.vue
+++ b/frontend/src/views/wizard/details/CardDetail.vue
@@ -18,7 +18,7 @@
         <span>{{ details.head }}</span>
       </el-row>
       <el-row class="content">
-        <span v-html="details.content" />
+        <span v-html="$xss(details.content)" />
       </el-row>
       <el-row class="bottom">
         <span class="span-box">{{ details.bottom }}</span>
diff --git a/frontend/src/views/wizard/details/LatestDevelopments.vue b/frontend/src/views/wizard/details/LatestDevelopments.vue
index 8873f51aa0..7d656d00b6 100644
--- a/frontend/src/views/wizard/details/LatestDevelopments.vue
+++ b/frontend/src/views/wizard/details/LatestDevelopments.vue
@@ -18,7 +18,7 @@
         <span>{{ details.head }}</span>
       </el-row>
       <el-row class="content">
-        <span v-html="details.content" />
+        <span v-html="$xss(details.content)" />
       </el-row>
       <el-row class="bottom">
         <span class="span-box">{{ details.bottom }}</span>
diff --git a/mobile/package.json b/mobile/package.json
index 7988373a45..41def72170 100644
--- a/mobile/package.json
+++ b/mobile/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dataease-mobile",
-  "version": "1.18.8",
+  "version": "1.18.9",
   "private": true,
   "scripts": {
     "serve": "npm run dev:h5",
diff --git a/pom.xml b/pom.xml
index f370ded74d..4bc424337f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
     </parent>
 
     <properties>
-        <dataease.version>1.18.8</dataease.version>
+        <dataease.version>1.18.9</dataease.version>
     </properties>
 
     <name>dataease</name>