diff --git a/js/builtin/filekit/src/nativeapi_fs.cpp b/js/builtin/filekit/src/nativeapi_fs.cpp
index 0237d63dc8f69f930bf03b3c4502c5c06afe6d03..e10490c2b062855c96583a1b7985b620c67c55d0 100755
--- a/js/builtin/filekit/src/nativeapi_fs.cpp
+++ b/js/builtin/filekit/src/nativeapi_fs.cpp
@@ -42,6 +42,9 @@ bool IsValidPath(const char* path)
     if ((strstr(path, "/./") != nullptr) || (strstr(path, "/../") != nullptr)) {
         return false;
     }
+    if (strpbrk(path + PREFIX_LEN, "\"*+,:;<=>\?[]|\x7F")) {
+        return false;
+    }
     return true;
 }
 
diff --git a/js/builtin/filekit/src/nativeapi_fs_impl.c b/js/builtin/filekit/src/nativeapi_fs_impl.c
index 51f44616811a7a6e289c28b99885a7d7e1ec4e40..cfffa4e3069f9b23f215ac06f259a9f96654df4a 100755
--- a/js/builtin/filekit/src/nativeapi_fs_impl.c
+++ b/js/builtin/filekit/src/nativeapi_fs_impl.c
@@ -39,16 +39,13 @@ static bool IsValidPath(const char* path)
     if ((pathLen == 0) || (pathLen > FILE_NAME_MAX_LEN)) {
         return false;
     }
-    if (strpbrk(path, "\"*+,:;<=>\?[]|\x7F")) {
-        return false;
-    }
     return true;
 }
 
 static int GetRealPath(const char* originPath, char* trustPath, size_t tPathLen)
 {
 #if (defined _WIN32 || defined _WIN64)
-    if (PathCanonicalize(originPath, trustPath) == true) {
+    if (PathCanonicalize(trustPath, originPath)) {
         return NATIVE_SUCCESS;
     }
 #else
diff --git a/js/builtin/kvstorekit/src/nativeapi_kv_impl.c b/js/builtin/kvstorekit/src/nativeapi_kv_impl.c
index a136df6f07f758c9babce755dd0e176552544f18..bfbcd66fdecbd5ec7806f86c5fb74cc01ae0fe52 100755
--- a/js/builtin/kvstorekit/src/nativeapi_kv_impl.c
+++ b/js/builtin/kvstorekit/src/nativeapi_kv_impl.c
@@ -59,7 +59,7 @@ static int GetKvFolder(const char* dataPath)
 static int GetRealPath(const char* originPath, char* trustPath, size_t tPathLen)
 {
 #if (defined _WIN32 || defined _WIN64)
-    if (PathCanonicalize(originPath, trustPath) == true) {
+    if (PathCanonicalize(trustPath, originPath)) {
         return NATIVE_SUCCESS;
     }
 #else