From 65337912005334caaa23347e6894e5db654de5af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=98=BF=E6=B2=90?=
Date: Wed, 26 Jun 2024 22:59:36 +0800
Subject: [PATCH] =?UTF-8?q?xss=E8=BF=87=E6=BB=A4=E6=97=B6=EF=BC=8C?= =?UTF-8?q?=E4=B8=8D=E9=9C=80=E8=A6=81=E6=9C=89contextPath=E8=B7=AF?= =?UTF-8?q?=E5=BE=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/main/java/net/maku/framework/common/xss/XssFilter.java | 2 +-
 .../java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
index 0eb0034..e41d2b0 100644
--- a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
+++ b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
@@ -38,7 +38,7 @@ public class XssFilter extends OncePerRequestFilter {
 }
 // 放行不过滤的URL
- return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
+ return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
 }
 }
diff --git a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
index 709e2a0..0b8f37b 100644
--- a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
+++ b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
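Review bot: `request.getServletPath()` on the added `return` line is the full in-application path only when the dispatcher servlet is mapped to `/`; under a prefix mapping such as `/api/*` it returns just the prefix and the remainder sits in `getPathInfo()`, so the exclude patterns would be compared with the wrong string (the mapping is not visible in this hunk, so this needs confirming). A match here skips XSS sanitisation entirely, so the check should use the same path the handler mapping sees, for example `new UrlPathHelper().getPathWithinApplication(request)` from `org.springframework.web.util`. The same call is introduced in the XssFilterJsonDeserializer hunk. Existing `excludeUrls` entries that still carry the context path will stop matching after this change, which fails towards filtering but deserves a line in the configuration docs. The enclosing method starts outside the hunk.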
@@ -33,9 +33,9 @@ public class XssFilterJsonDeserializer extends JsonDeserializer {
 if (request == null) {
 return value;
 }
-
+
 // 判断该URI是否放行
- boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
+ boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
 if (flag) {
 return value;
 }
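Review bot: The exclusion predicate on the `boolean flag` line is a second copy of the one in XssFilter, so the two checks that decide whether sanitisation is skipped can drift apart on a later edit; a shared helper that takes the request path (for instance a method on the properties object) would keep them identical. As far as the hunk shows, this runs inside the deserializer, presumably once per string value, so the exclude list would be re-matched for every string in a JSON body and could instead be computed once per request. `flag` would read better as `excluded`, and the `request == null` branch above returns the value unfiltered, which deserves a comment such as `// no bound request: value is returned unsanitised on purpose` if that fail-open case is intended. The method starts and ends outside the hunk.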