diff --git a/client/web/src/components/Markdown/render.tsx b/client/web/src/components/Markdown/render.tsx
index 151f453bac6..81d41f3155d 100644
--- a/client/web/src/components/Markdown/render.tsx
+++ b/client/web/src/components/Markdown/render.tsx
@@ -46,6 +46,11 @@ export const Markdown: React.FC<{
       ),
       iframe: (props) => {
         let src = props.src;
+
+        if (src?.includes('javascript')) {
+          return <div>not support run javascript</div>;
+        }
+
         if (src && src.includes('?')) {
           src += '&autoplay=0'; // make sure media autoplay is false
         }