From 31728300e15221b7f8ca5412101db19d0fe476be Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 15:42:43 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=84=E8=8C=83=E5=8F=82=E6=95=B0=E5=91=BD?= =?UTF-8?q?=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index e76580c9..b1a17f67 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -32,6 +32,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     /**
      * xss过滤参数
+     *
      * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
      */
     private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
@@ -232,7 +233,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
      * @return 参数值
      */
     private String filterXss(String name, String value) {
-        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
+        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
             // 忽略的处理,(过滤敏感字符)
             return HtmlUtil.filter(value);
         } else {
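Review bot: The allow-list check on the new line of the second hunk, `CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)`, is a substring match, so any request parameter whose lower-cased name merely contains one of the entries ("iv", "name", "url", "content", ...) is sent down the `HtmlUtil.filter` branch instead of whatever stricter handling the `else` branch applies; names such as `username`, `receiver` or `returnUrl` would presumably take the lenient path, which the `@todo` in the first hunk acknowledges but the rename does not fix. If the list is meant to be an exact allow-list, compare whole names, e.g. `if (Arrays.asList(IGNORE_FIELD).contains(name.toLowerCase(Locale.ROOT))) {` (needs `java.util.Arrays` in the imports, which are outside this hunk; hutool's `CharSequenceUtil.equalsAnyIgnoreCase(name, IGNORE_FIELD)` would do the same if the pinned version provides it). If suffix matching such as `shopLogo` is intended, use an `endsWith`-style check per entry rather than `containsAny`, and say so in the javadoc so the next reader knows the entries are not bare substrings. `filterXss` continues past the end of the hunk, so the `else` branch was not reviewed here.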