From 0e7c703dfd09da415dbb2f29a2ba2d3e549cf701 Mon Sep 17 00:00:00 2001
From: Chopper <liushuai711@gmail.com>
Date: Tue, 16 Nov 2021 15:58:22 +0800
Subject: [PATCH] =?UTF-8?q?xss=20=E8=BF=87=E6=BB=A4=E6=94=BE=E6=8E=89?=
 =?UTF-8?q?=E9=82=AE=E7=AE=B1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index b1a17f67..f776091a 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -35,7 +35,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
      *
      * @todo 这里的参数应该更智能些，例如iv，前端的参数包含这两个字母就会放过，这是有问题的
      */
-    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
+    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv","mail"};
 
     public XssHttpServletRequestWrapper(HttpServletRequest request) {
         super(request);