diff --git a/smtweb-framework/bpm/src/main/resources/config/application.yaml b/smtweb-framework/bpm/src/main/resources/config/application.yaml
index 3c54545..ede1cda 100644
--- a/smtweb-framework/bpm/src/main/resources/config/application.yaml
+++ b/smtweb-framework/bpm/src/main/resources/config/application.yaml
@@ -41,3 +41,54 @@ spring:
 - bpm
 caffeine:
 spec: maximumSize=1024,expireAfterWrite=2h
+
+
+# http 规则配置
+http-config:
+  xss: #xss 规则
+    checkHeader: false #是否进行header校验
+    checkParameter: true #是否进行parameter校验
+    logIs: true #是否记录日志
+    chain: true #是否中断请求
+    replace: true #是否开启特殊字符替换
+    checkUrl: true #是否开启特殊url校验
+      regex:
+        # 匹配含有字符: alert( )
+ - .*[A|a][L|l][E|e][R|r][T|t](.*).*
+        # 匹配含有字符: window.location
+ - .*[W|w][I|i][N|n][D|d][O|o][W|w].[L|l][O|o][C|c][A|a][T|t][I|i][O|o][N|n].*
+        # 匹配含有字符:style = x:ex pression ( )
+ - .*[S|s][T|t][Y|y][L|l][E|e]\\s*=.*[X|x]:[E|e][X|x].*[P|p][R|r][E|e][S|s]{1,2}[I|i][O|o][N|n]\\s*\\(.*\\).*
+        # 匹配含有字符: document.cookie
+ - .*[D|d][O|o][C|c][U|u][M|m][E|e][N|n][T|t].[C|c][O|o]{2}[K|k][I|i][E|e].*
+        # 匹配含有字符: eval( )
+ - .*[E|e][V|v][A|a][L|l](.*).*
+        # 匹配含有字符: unescape()
+ - .*[U|u][N|n][E|e][S|s][C|c][A|a][P|p][E|e](.*).*
+        # 匹配含有字符: execscript( )
+ - .*[E|e][X|x][E|e][C|c][S|s][C|c][R|r][I|i][P|p][T|t](.*).*
+        # 匹配含有字符: msgbox( )
+ - .*[M|m][S|s][G|g][B|b][O|o][X|x](.*).*
+        # 匹配含有字符: confirm( )
+ - .*[C|c][O|o][N|n][F|f][I|i][R|r][M|m](.*).*
+        # 匹配含有字符: prompt( )
+ - .*[P|p][R|r][O|o][M|m][P|p][T|t](.*).*
+        # 匹配含有字符:
+ - .*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*.*.*
+        # 匹配含有字符:
+ - .*.*
+        # 匹配含有字符: