From 900818e05fcc976c734c9240dc6c874c127944ed Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Thu, 25 Mar 2021 23:13:15 +0800
Subject: [PATCH] Update WebXssRequestFilter.java
---
 .../src/main/java/org/maxkey/web/WebXssRequestFilter.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java b/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
index d264a4aa5..640cae3ed 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
@@ -27,10 +27,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
 String key = (String) parameterNames.nextElement();
 String value = request.getParameter(key);
 _logger.trace("parameter name "+key +" , value " + value);
- String tempValue = value.toLowerCase().replace(" ", "");
+ String tempValue = value;
 if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
- ||tempValue.indexOf("script")>-1
- ||tempValue.indexOf("eval(")>-1) {
+ ||tempValue.toLowerCase().indexOf("script")>-1
+ ||tempValue.toLowerCase().replace(" ", "").indexOf("eval(")>-1) {
 isWebXss = true;
 _logger.error("parameter name "+key +" , value " + value + ", contains dangerous content ! ");
-- 
GitLab
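Review bot: The two added conditions call `tempValue.toLowerCase()` with the JVM default locale and strip only the space character before the `eval(` test, so the outcome depends on the server's locale (under a Turkish locale an upper-case `I` does not lower-case to `i`) and on which whitespace characters the value contains. Normalising once would make both checks deterministic: `String lowered = value.toLowerCase(Locale.ROOT);`, then `||lowered.indexOf("script")>-1` and `||lowered.replaceAll("\\s+", "").indexOf("eval(")>-1) {` (this needs `java.util.Locale` imported), which also makes the `tempValue` alias unnecessary. The context line `request.getParameter(key)` returns only the first value of a repeated parameter, so later values are presumably never inspected; iterating `request.getParameterValues(key)` would cover them. The loop body continues outside the hunk, and a keyword denylist like this is best treated as a secondary control behind output encoding at the point where the values are rendered.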