From 840e77d1ca442914f48a4a5c229a8c31cf890197 Mon Sep 17 00:00:00 2001
From: Charles7c
Date: Mon, 22 Dec 2025 20:38:26 +0800
Subject: [PATCH] =?UTF-8?q?fix(security/xss):=20=E4=BF=AE=E5=A4=8D=20XssSe?= =?UTF-8?q?rvletRequestWrapper=20=E8=AF=BB=E5=8F=96=E8=AF=B7=E6=B1=82?= =?UTF-8?q?=E4=BD=93=E6=95=B0=E6=8D=AE=E4=B8=8D=E5=85=A8=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #IDEZW0
---
 .../security/xss/filter/XssServletRequestWrapper.java | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java
index 98addd77..dcd4a742 100644
--- a/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java
+++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java
@@ -19,9 +19,7 @@ package top.continew.starter.security.xss.filter;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.io.IoUtil;
 import cn.hutool.core.text.CharSequenceUtil;
-import cn.hutool.core.util.ArrayUtil;
-import cn.hutool.core.util.EscapeUtil;
-import cn.hutool.core.util.ReUtil;
+import cn.hutool.core.util.*;
 import cn.hutool.http.HtmlUtil;
 import cn.hutool.http.Method;
 import jakarta.servlet.ReadListener;
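Review bot: The wildcard `import cn.hutool.core.util.*;` in the import hunk hides which Hutool utilities this security filter depends on, and it can silently pull in new names after a library upgrade. The constructor change only adds uses of `StrUtil` and `CharsetUtil`, so the three explicit imports could stay, with `import cn.hutool.core.util.CharsetUtil;` added alongside them. As far as I know, `blankToDefault` is inherited by `StrUtil` from `CharSequenceUtil`, which the file already imports, so `CharSequenceUtil.blankToDefault(...)` would avoid a second new import and match the surrounding calls.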
@@ -55,7 +53,8 @@ public class XssServletRequestWrapper extends HttpServletRequestWrapper {
 this.xssProperties = xssProperties;
 if (CharSequenceUtil.equalsAnyIgnoreCase(request.getMethod().toUpperCase(), Method.POST.name(), Method.PATCH
 .name(), Method.PUT.name())) {
- body = IoUtil.getReader(request.getReader()).readLine();
+ String charset = StrUtil.blankToDefault(request.getCharacterEncoding(), CharsetUtil.UTF_8);
+ body = IoUtil.read(request.getInputStream(), CharsetUtil.charset(charset));
 if (CharSequenceUtil.isBlank(body)) {
 return;
 }
@@ -149,4 +148,4 @@ public class XssServletRequestWrapper extends HttpServletRequestWrapper {
 };
 }
-}
+}
\ No newline at end of file
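Review bot: The `IoUtil.read(request.getInputStream(), ...)` call added in the constructor hunk (`@@ -55,7 +53,8 @@`) buffers and decodes the entire body of every POST, PUT and PATCH request, and no size or content-type check is visible in this hunk. Because the wrapper runs in a filter, a very large or multipart upload would be held in memory as a String before any downstream limit applies. Consider rejecting oversized bodies before the read, e.g. `if (request.getContentLengthLong() > maxBodyBytes) { throw new IllegalArgumentException("request body too large"); }`, where `maxBodyBytes` is a placeholder for a configured limit; reject rather than skip, so an oversized body cannot bypass the escaping, and bound the read itself for chunked requests that report a length of -1. The charset name is also request-controlled, so `CharsetUtil.charset(charset)` presumably throws on an unsupported name and should fall back or fail with a client error rather than an unhandled exception. The constructor begins above and continues below the hunk.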