diff --git a/novel-front/src/main/java/com/java2nb/novel/core/wrapper/XssHttpServletRequestWrapper.java b/novel-front/src/main/java/com/java2nb/novel/core/wrapper/XssHttpServletRequestWrapper.java
index 059e265..b56f7fa 100644
--- a/novel-front/src/main/java/com/java2nb/novel/core/wrapper/XssHttpServletRequestWrapper.java
+++ b/novel-front/src/main/java/com/java2nb/novel/core/wrapper/XssHttpServletRequestWrapper.java
@@ -1,37 +1,42 @@
 package com.java2nb.novel.core.wrapper;
 
+import org.apache.commons.lang3.StringUtils;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * XSS过滤处理
+ *
  * @author Administrator
  */
-public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
-{
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+    /**
+     * 假如有有html 代码是自己传来的  需要设定对应的name 不过滤
+     */
+    private static final List<String> noFilterNames = Arrays.asList("content");
+
     /**
      * @param request
      */
-    public XssHttpServletRequestWrapper(HttpServletRequest request)
-    {
+    public XssHttpServletRequestWrapper(HttpServletRequest request) {
         super(request);
     }
 
     @Override
-    public String[] getParameterValues(String name)
-    {
+    public String[] getParameterValues(String name) {
         String[] values = super.getParameterValues(name);
-        if (values != null)
-        {
+        if (!noFilterNames.contains(name) && values != null) {
             int length = values.length;
             String[] escapseValues = new String[length];
-            for (int i = 0; i < length; i++)
-            {
-                // 防xss攻击和过滤前后空格
-                escapseValues[i] = values[i].replaceAll("<","&lt;").replaceAll(">","&gt;");
+            for (int i = 0; i < length; i++) {
+                escapseValues[i] = values[i].replaceAll("<", "&lt;").replaceAll(">", "&gt;");
             }
             return escapseValues;
         }
-        return super.getParameterValues(name);
+        return values;
     }
 }
diff --git a/novel-front/src/main/resources/application.yml b/novel-front/src/main/resources/application.yml
index 9ab7ea8..2303787 100644
--- a/novel-front/src/main/resources/application.yml
+++ b/novel-front/src/main/resources/application.yml
@@ -23,7 +23,7 @@ xss:
   # 排除链接（多个用逗号分隔）
   excludes: /system/notice/*
   # 匹配链接 （多个用逗号分隔）
-  urlPatterns: /book/addBookComment,/user/addFeedBack
+  urlPatterns: /book/addBookComment,/user/addFeedBack,/author/addBook,/author/addBookContent,/author/register.html
 
 
 
diff --git a/novel-front/src/main/resources/templates/book/book_content.html b/novel-front/src/main/resources/templates/book/book_content.html
index 5e8cc54..3f33237 100644
--- a/novel-front/src/main/resources/templates/book/book_content.html
+++ b/novel-front/src/main/resources/templates/book/book_content.html
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'_'+${bookIndex.indexName}+'_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'_'+${bookIndex.indexName}+'_'+#{website.name}"></title>
     <meta name="keywords" th:content="${book.bookName}+'官方首发,'+${book.bookName}+'小说,'+${book.bookName}+'最新章节,'+${book.bookName}+'txt下载,'+${book.bookName}+'无弹窗,'+${book.bookName}+'吧,'+${book.bookName}+'离线完本'" />
     <meta name="description" th:content="${book.bookName}+','+${book.bookName}+'小说阅读,'+#{website.name}+'提供'+${book.bookName}+'首发最新章节及txt下载,'+${book.bookName}+'最新更新章节,精彩尽在'+#{website.name}+'。'" />
     <link rel="stylesheet" href="/css/read.css" />
@@ -74,7 +74,7 @@
             <div class="readWrap">
                 <div class="bookNav">
                     <a href="/" >首页 </a>&gt; <a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}">
-                </a>&gt; <a th:href="'/book/'+${book.id}+'.html'" th:text="${book.bookName}">
+                </a>&gt; <a th:href="'/book/'+${book.id}+'.html'" th:utext="${book.bookName}">
 
                 </a>
                 </div>
@@ -82,11 +82,11 @@
                     <div class="textbox cf">
 
                         <div class="book_title">
-                            <h1 th:text="${bookIndex.indexName}">
+                            <h1 th:utext="${bookIndex.indexName}">
                                 </h1>
                             <div class="textinfo">
                                 类别：<a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}"></a>
-                                作者：<a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'" th:text="${book.authorName}"></a><span th:text="'字数：'+${bookIndex.wordCount}"></span><span th:text="'更新时间：'+${#dates.format(bookIndex.updateTime, 'yy/MM/dd HH:mm:ss')}"></span>
+                                作者：<a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'" th:utext="${book.authorName}"></a><span th:text="'字数：'+${bookIndex.wordCount}"></span><span th:text="'更新时间：'+${#dates.format(bookIndex.updateTime, 'yy/MM/dd HH:mm:ss')}"></span>
                             </div>
                         </div>
                         <div class="txtwrap" th:if="${needBuy}">
diff --git a/novel-front/src/main/resources/templates/book/book_detail.html b/novel-front/src/main/resources/templates/book/book_detail.html
index 248e471..58f05dc 100644
--- a/novel-front/src/main/resources/templates/book/book_detail.html
+++ b/novel-front/src/main/resources/templates/book/book_detail.html
@@ -2,7 +2,7 @@
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'_'+${book.authorName}+'_'+${book.bookName}+'txt下载'+'_'+${book.bookName}+'无弹窗_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'_'+${book.authorName}+'_'+${book.bookName}+'txt下载'+'_'+${book.bookName}+'无弹窗_'+#{website.name}"></title>
     <meta name="keywords"
           th:content="${book.bookName}+'官方首发,'+${book.bookName}+'小说,'+${book.bookName}+'最新章节'+${book.bookName}+'txt下载,'+${book.bookName}+'无弹窗,'+${book.bookName}+'吧,'+${book.bookName}+'离线完本'"/>
     <meta name="description"
@@ -31,8 +31,8 @@
                                                       th:attr="alt=${book.bookName}"/></a>
             <div class="book_info">
                 <div class="tit">
-                    <h1 th:text="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>--><a class="author"
-                                                                                          th:text="${book.authorName}+' 著'"></a>
+                    <h1 th:utext="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>--><a class="author"
+                                                                                          th:utext="${book.authorName}+' 著'"></a>
                 </div>
                 <ul class="list">
                     <li><span class="item">类别：<em th:text="${book.catName}"></em></span>
@@ -70,7 +70,7 @@
                         </div>
                         <ul class="list cf">
                             <li>
-                                <span class="fl font16"> <a th:href="'/book/'+${book.id}+'/'+${book.lastIndexId}+'.html'" th:text="${book.lastIndexName}"><!--<i class="vip">VIP</i>--></a></span>
+                                <span class="fl font16"> <a th:href="'/book/'+${book.id}+'/'+${book.lastIndexId}+'.html'" th:utext="${book.lastIndexName}"><!--<i class="vip">VIP</i>--></a></span>
                                 <span class="black9 fr"
                                       th:text="'更新时间：'+${#dates.format(book.lastIndexUpdateTime, 'yy/MM/dd HH:mm:ss')}"></span>
                             </li>
@@ -143,7 +143,7 @@
                     <div class="msg">
                         <span class="icon_qyzz">签约作家</span>
                         <h4><a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'"
-                               th:text="${book.authorName}"></a></h4>
+                               th:utext="${book.authorName}"></a></h4>
                     </div>
                 </div>
                 <div class="author_intro cf">
diff --git a/novel-front/src/main/resources/templates/book/book_index.html b/novel-front/src/main/resources/templates/book/book_index.html
index c6146a1..9106404 100644
--- a/novel-front/src/main/resources/templates/book/book_index.html
+++ b/novel-front/src/main/resources/templates/book/book_index.html
@@ -2,7 +2,7 @@
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'目录,'+${book.bookName}+'最新章节列表_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'目录,'+${book.bookName}+'最新章节列表_'+#{website.name}"></title>
     <meta name="keywords" th:content="${book.bookName}+','+${book.bookName}+'目录,'+${book.bookName}+'最新章节列表'"/>
     <meta name="description"
           th:content="#{website.name}+'小说为您提供'+${book.bookName}+'目录,'+${book.bookName}+'最新章节列表,'+${book.bookName}+'全文阅读,'+${book.bookName}+'免费阅读,'+${book.bookName}+'下载'"/>
@@ -26,11 +26,11 @@
             <div class="bookCover cf">
                 <div class="book_info1">
                     <div class="tit">
-                        <h1 th:text="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>-->
+                        <h1 th:utext="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>-->
                     </div>
                     <ul class="list">
                         <li>
-                            <span>作者：<a href="javascript:void(0)" th:text="${book.authorName}"></a></span>
+                            <span>作者：<a href="javascript:void(0)" th:utext="${book.authorName}"></a></span>
                             <span>类别：<a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}"></a></span>
                             <span th:switch="${book.bookStatus}">状态：<em class="black3" th:case="'0'">连载中</em><em class="black3"
                                                                                   th:case="*">已完结</em></span>
@@ -45,7 +45,7 @@
                 <div class="dirList">
                     <ul th:each="bookIndex : ${bookIndexList}">
                         <li><a th:if="${bookIndex.isVip} != '1'" th:href="'/book/'+${book.id}+'/'+${bookIndex.id}+'.html'" >
-                            <span th:text="${bookIndex.indexName}"></span><i class="red" > [免费]</i>
+                            <span th:utext="${bookIndex.indexName}"></span><i class="red" > [免费]</i>
                         </a>
                             <a th:if="${bookIndex.isVip} == '1'" th:href="'/book/'+${book.id}+'/'+${bookIndex.id}+'.html'" th:text="${bookIndex.indexName}">
                             </a></li>
diff --git a/novel-front/src/main/resources/templates/user/set_name.html b/novel-front/src/main/resources/templates/user/set_name.html
index d2b06b8..023cbd4 100644
--- a/novel-front/src/main/resources/templates/user/set_name.html
+++ b/novel-front/src/main/resources/templates/user/set_name.html
@@ -1,4 +1,5 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{},~{::link})">
     <title th:text="'修改昵称_'+#{website.name}"></title>
@@ -24,21 +25,26 @@
         <div class="my_r">
             <div class="my_info cf">
                 <div class="my_info_txt">
-                        <div class="aspNetHidden">
-                            <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTI5MzkzMzQyMw9kFgJmD2QWAmYPFgIeBFRleHQFqAE8YSBocmVmPSIvc2VhcmNoLmFzcHg/c2VhcmNoS2V5PeWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqyIgdGFyZ2V0PSJfYmxhbmsiPuWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqzwvYT5kZLj1Uo6akAHRsP9HH/tJWCPmjwlzm9tv02sZRfbbCnBA" />
-                        </div>
+                    <div class="aspNetHidden">
+                        <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
+                               value="/wEPDwUKMTI5MzkzMzQyMw9kFgJmD2QWAmYPFgIeBFRleHQFqAE8YSBocmVmPSIvc2VhcmNoLmFzcHg/c2VhcmNoS2V5PeWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqyIgdGFyZ2V0PSJfYmxhbmsiPuWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqzwvYT5kZLj1Uo6akAHRsP9HH/tJWCPmjwlzm9tv02sZRfbbCnBA"/>
+                    </div>
 
-                        <div class="aspNetHidden">
+                    <div class="aspNetHidden">
 
-                            <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="6C876674" />
-                            <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEdAAO8SPdUDpH0Q7nHjeqbvI7ld2C+OxfjpZOniBJbql7XdnRgTJ25FWigbeFr84Vgoxdi/cg2vS37N0KER6F1nyr1wKHztnXmDR5zls+9dCeAZg==" />
-                        </div>
-                        <ul class="mytab_list">
-                            <li><i class="tit">我的昵称</i><input name="txtNiceName" type="text" value="15171695474" maxlength="20" id="txtNiceName" class="s_input" placeholder="" /></li>
-                            <li><i class="tit">&nbsp;</i>用户名只能包括汉字、英文字母、数字和下划线</li>
-                            <li><i class="tit">&nbsp;</i><input type="button" onclick="updateName()" name="btn" value="修改" id="btn" class="s_btn btn_red" /></li>
-                            <li><i class="tit">&nbsp;</i><span id="LabErr"></span></li>
-                        </ul>
+                        <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="6C876674"/>
+                        <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION"
+                               value="/wEdAAO8SPdUDpH0Q7nHjeqbvI7ld2C+OxfjpZOniBJbql7XdnRgTJ25FWigbeFr84Vgoxdi/cg2vS37N0KER6F1nyr1wKHztnXmDR5zls+9dCeAZg=="/>
+                    </div>
+                    <ul class="mytab_list">
+                        <li><i class="tit">我的昵称</i><input name="txtNiceName" type="text" value="15171695474"
+                                                          maxlength="20" id="txtNiceName" class="s_input"
+                                                          placeholder=""/></li>
+                        <li><i class="tit">&nbsp;</i>用户名只能包括汉字、英文字母、数字和下划线</li>
+                        <li><i class="tit">&nbsp;</i><input type="button" onclick="updateName()" name="btn" value="修改"
+                                                            id="btn" class="s_btn btn_red"/></li>
+                        <li><i class="tit">&nbsp;</i><span id="LabErr"></span></li>
+                    </ul>
                 </div>
             </div>
         </div>
@@ -57,14 +63,13 @@
         dataType: "json",
         success: function (data) {
             if (data.code == 200) {
-                if(data.data.nickName){
+                if (data.data.nickName) {
                     $("#txtNiceName").val(data.data.nickName);
-                }else{
+                } else {
                     $("#txtNiceName").val(data.data.username);
                 }
 
 
-
             } else if (data.code == 1001) {
                 //未登录
                 location.href = '/user/login.html?originUrl=' + decodeURIComponent(location.href);
@@ -78,27 +83,26 @@
             layer.alert('网络异常');
         }
     })
+
     function updateName() {
         var nickname = $("#txtNiceName").val();
-        if(nickname.isBlank()){
+        if (nickname.isBlank()) {
             $("#LabErr").html("昵称不能为空！");
             return;
         }
-        if(!nickname.isNickName()){
+        if (!nickname.isNickName()) {
             $("#LabErr").html("昵称格式不正确！");
             return;
         }
         $.ajax({
             type: "POST",
             url: "/user/updateUserInfo",
-            data: {'nickName':nickname},
+            data: {'nickName': nickname},
             dataType: "json",
             success: function (data) {
                 if (data.code == 200) {
 
-                    if(data.data.token){
-                        $.cookie('Authorization', data.data.token,{ path: '/'  });
-                    }
+                    $.cookie('Authorization', data.data.token, {path: '/'});
                     window.location.href = '/user/setup.html';
 
                 } else if (data.code == 1001) {