From 1d317998af1bad34014a99d97f949e8fbe4c85c8 Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 15:41:16 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AF=B4=E6=98=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../security/filter/XssHttpServletRequestWrapper.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 32f17d61..e76580c9 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -29,7 +29,12 @@ import java.util.Map;
 */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
- private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
+
+ /**
+ * xss过滤参数
+ * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
+ */
+ private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
 
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);
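Review bot: The new `@todo` on `IGNORE_FIELD` says any parameter whose name merely contains one of these entries (its example is `iv`) skips XSS filtering, and the commit documents that gap instead of closing it. The code that reads the array is outside this hunk, so the substring match is inferred from the comment; if it holds, short entries such as `iv`, `url` and `name` exempt many unrelated parameter names from sanitising. Comparing the whole parameter name would close it, for example an exact `entry.equals(paramName)` test in place of a contains check. Separately, the patch has only this one hunk (6 insertions, 1 deletion), so any remaining reference to the old name `ignoreField` elsewhere in the class would no longer compile; that is worth confirming before merge.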