diff --git a/src/renderers/IFrame.tsx b/src/renderers/IFrame.tsx
index ca6ad21b7..c2de8de25 100644
--- a/src/renderers/IFrame.tsx
+++ b/src/renderers/IFrame.tsx
@@ -157,6 +157,16 @@ export default class IFrame extends React.Component<IFrameProps, object> {
       ...tempStyle,
       ...style
     };
+
+    const finalSrc = src ? buildApi(src, data).url : undefined;
+
+    if (
+      typeof finalSrc === 'string' &&
+      !/^(\.\/|\.\.\/|\/|https?\:\/\/)/.test(finalSrc)
+    ) {
+      return <p>请填写合法的 iframe 地址</p>;
+    }
+
     return (
       <iframe
         className={className}
@@ -164,7 +174,7 @@ export default class IFrame extends React.Component<IFrameProps, object> {
         style={style}
         ref={this.IFrameRef}
         onLoad={this.onLoad}
-        src={src ? buildApi(src, data).url : undefined}
+        src={finalSrc}
       />
     );
   }