From ff1910529847a5b3ffc12821d8201fcd81a98332 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A9=AC=E4=B8=89=E7=82=AE?= <15856818120@163.com>
Date: Wed, 26 Nov 2025 15:57:21 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B8=97=E9=80=8F=E6=B5=8B=E8=AF=95=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/com/bonus/gateway/filter/XssFilter.java | 8 ++++++--
 modules/bmw/src/main/resources/static/login.html | 9 +++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java b/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
index 98e44f1..b617655 100644
--- a/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
+++ b/gateway/src/main/java/com/bonus/gateway/filter/XssFilter.java
@@ -82,13 +82,17 @@ public class XssFilter implements GlobalFilter, Ordered
 DataBufferUtils.release(join);
 String bodyStr = new String(content, StandardCharsets.UTF_8);
 try {
- bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
+ if (bodyStr.contains("username") || bodyStr.contains("password")){
+
+ }else {
+ bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
+ }
 } catch (UnsupportedEncodingException e) {
 throw new RuntimeException(e);
 }
 // 防xss攻击过滤
 bodyStr = EscapeUtil.clean(bodyStr);
- bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);
+ /* bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);*/
 // 转成字节
 byte[] bytes = bodyStr.getBytes();
 NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
diff --git a/modules/bmw/src/main/resources/static/login.html b/modules/bmw/src/main/resources/static/login.html
index 8502c5a..0456832 100644
--- a/modules/bmw/src/main/resources/static/login.html
+++ b/modules/bmw/src/main/resources/static/login.html
@@ -24,6 +24,7 @@
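Review bot: In XssFilter.java the new `bodyStr.contains("username") || bodyStr.contains("password")` test lets the request body itself decide whether it is URL-decoded before `EscapeUtil.clean`, so any sender can skip decoding by including either word, which weakens the filter if the downstream service decodes the body later. If the aim is to stop login credentials from being mangled, key the exemption on something the body cannot choose, such as the route of the login endpoint; the request object is not visible in this hunk, so the exact call is for the author to confirm. The same hunk comments out `XssFilterUtil.filterSpecialChars(bodyStr)` for every request, not only login; either restore it outside the exempted route or delete the line and leave a comment such as `// filterSpecialChars removed: <reason>; special characters are handled by <component>`. The empty `if` branch would also read better inverted, `if (!bodyStr.contains("username") && !bodyStr.contains("password")) { ... }`. The enclosing method starts and ends outside the hunk.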
密码中必须包含【大小字母】、【数字】、【特殊字符】