diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java
index 363ccafa..07cee990 100644
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@@ -150,16 +150,16 @@ public class WebConfig implements WebMvcConfigurer {
 return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor());
 }
-// /**
-// * xssFilter注册
-// */
-// @Bean
-// public FilterRegistrationBean xssFilterRegistration() {
-// XSSEscapeFilter xssFilter = new XSSEscapeFilter();
-// FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
-// registration.addUrlPatterns("/*");
-// return registration;
-// }
+ @Bean
+ public FilterRegistrationBean xssFilterRegistration() {
+ XSSEscapeFilter xssFilter = new XSSEscapeFilter();
+ FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
+ xssFilter.excludes.add(".*file/upload.do");
+ xssFilter.excludes.add(".*/jsp/editor.do");
+ registration.addUrlPatterns("/*");
+
+ return registration;
+ }
 /**
 * RequestContextListener注册
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index ff0cc3be..1907a3ac 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -12,7 +12,8 @@ ms:
 view-path: /WEB-INF/manager
 upload:
- path: /upload
+ path: /upload
+ mapping: /upload/**
 denied: .exe,.jsp
 allowed: jpg
 max-size: 1
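Review bot: The two exclude patterns added in `xssFilterRegistration()` are looser than the endpoints they name: the `.` in `upload.do` and `editor.do` is an unescaped regex wildcard, and `.*file/upload.do` has no `/` before `file`, so any path that merely ends in those characters would also skip escaping. Tighter forms would be `xssFilter.excludes.add(".*/file/upload\\.do");` and `xssFilter.excludes.add(".*/jsp/editor\\.do");`. How `XSSEscapeFilter` applies `excludes` (full match or search, with or without the query string) is not visible in this diff and is worth confirming, and since both endpoints now bypass the filter they need their own input validation or output encoding. The method also lost its Javadoc when it was uncommented; a short comment such as `/** Registers the XSS escape filter for all URLs except file upload and the JSP editor. */` would record why the excludes exist.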
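Review bot: The new `mapping: /upload/**` key under `upload:` presumably serves the upload directory by URL, which makes the extension rules just below it carry more weight: `denied: .exe,.jsp` is a denylist and leaves out other types a servlet container or browser may execute or render, such as `.jspx` or `.html`. Whether `allowed: jpg` is enforced as a strict allowlist is decided in code outside this diff; if it is not, restricting uploads to the allowlist and serving `/upload/**` with `X-Content-Type-Options: nosniff` would be the safer configuration. A comment on the key, e.g. `# URL pattern under which files stored in upload.path are served`, would document the intent once that behaviour is confirmed.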