From 5b4fc26ffad2790f551b100416a7d98c0528ae81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A9=AC=E4=B8=89=E7=82=AE?= <15856818120@163.com>
Date: Wed, 26 Nov 2025 17:57:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B8=97=E9=80=8F=E6=B5=8B=E8=AF=95=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java b/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
index b617655..6cbdee1 100644
--- a/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
+++ b/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
@@ -82,7 +82,9 @@ public class XssFilter implements GlobalFilter, Ordered
 DataBufferUtils.release(join);
 String bodyStr = new String(content, StandardCharsets.UTF_8);
 try {
- if (bodyStr.contains("username") || bodyStr.contains("password")){
+ if (bodyStr.contains("username") || bodyStr.contains("password") || bodyStr.contains("userName")
+ || bodyStr.contains("idNumber") || bodyStr.contains("orgId") || bodyStr.contains("phone") ||
+ bodyStr.contains("phonenumber")){
 }else {
 bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
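Review bot: The extended condition still chooses whether to URL-decode by substring-matching the raw body, so the exemption depends on content the client controls: a body that contains `phone` or `orgId` anywhere, even inside a value, takes the empty branch and skips `URLDecoder.decode`. If the code after this hunk (not visible here) scans `bodyStr` for XSS patterns, percent-encoded content in those bodies would be scanned undecoded, and each field added to the list widens that gap. Keying the exemption on the request path or on parsed field names would be tighter; if the skip exists because `decode` throws `IllegalArgumentException` on a literal `%` in such values (an assumption to confirm), handling that exception explicitly would remove the need for the list. Within the condition as written, `bodyStr.contains("phonenumber")` is redundant because `bodyStr.contains("phone")` already matches it, and the empty `if` branch is clearer inverted so the decode sits under a negated test. The enclosing method starts and ends outside the hunk.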