diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java b/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
index d264a4aa509a167a3f1108f4ff7245ebe048005a..640cae3edf545fb9224bf6691b1eba89fdc5ec8a 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
@@ -27,10 +27,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
 String key = (String) parameterNames.nextElement();
 String value = request.getParameter(key);
 _logger.trace("parameter name "+key +" , value " + value);
- String tempValue = value.toLowerCase().replace(" ", "");
+ String tempValue = value;
 if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
- ||tempValue.indexOf("script")>-1
- ||tempValue.indexOf("eval(")>-1) {
+ ||tempValue.toLowerCase().indexOf("script")>-1
+ ||tempValue.toLowerCase().replace(" ", "").indexOf("eval(")>-1) {
 isWebXss = true;
 _logger.error("parameter name "+key +" , value " + value + ", contains dangerous content ! ");