diff --git a/src/main/java/io/github/xxyopen/novel/core/auth/AuthStrategy.java b/src/main/java/io/github/xxyopen/novel/core/auth/AuthStrategy.java
index 66fde9c..84a5fa4 100644
--- a/src/main/java/io/github/xxyopen/novel/core/auth/AuthStrategy.java
+++ b/src/main/java/io/github/xxyopen/novel/core/auth/AuthStrategy.java
@@ -22,7 +22,7 @@ public interface AuthStrategy {
      * 如果后面需要扩展到对每一个URI都进行权限控制，那么此方法可以加一个参数来接收用户请求的URI
      *
      * @param token 登录 token
-     * @throws BusinessException 认证失败则抛出义务异常
+     * @throws BusinessException 认证失败则抛出业务异常
      */
     void auth(String token) throws BusinessException;
 
diff --git a/src/main/java/io/github/xxyopen/novel/core/config/CorsConfig.java b/src/main/java/io/github/xxyopen/novel/core/config/CorsConfig.java
index b3d22f2..a14e497 100644
--- a/src/main/java/io/github/xxyopen/novel/core/config/CorsConfig.java
+++ b/src/main/java/io/github/xxyopen/novel/core/config/CorsConfig.java
@@ -40,4 +40,5 @@ public class CorsConfig {
         configurationSource.registerCorsConfiguration("/**",config);
         return new CorsFilter(configurationSource);
     }
+
 }
diff --git a/src/main/java/io/github/xxyopen/novel/core/wrapper/XssHttpServletRequestWrapper.java b/src/main/java/io/github/xxyopen/novel/core/wrapper/XssHttpServletRequestWrapper.java
index b233a01..c96d94b 100644
--- a/src/main/java/io/github/xxyopen/novel/core/wrapper/XssHttpServletRequestWrapper.java
+++ b/src/main/java/io/github/xxyopen/novel/core/wrapper/XssHttpServletRequestWrapper.java
@@ -14,12 +14,15 @@ import java.util.Map;
  */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
-    private final Map<String,String> replaceRule = new HashMap<>();
+    private static final Map<String,String> REPLACE_RULE = new HashMap<>();
+
+    static {
+        REPLACE_RULE.put("<", "&lt;");
+        REPLACE_RULE.put(">", "&gt;");
+    }
 
     public XssHttpServletRequestWrapper(HttpServletRequest request) {
         super(request);
-        replaceRule.put("<", "&lt;");
-        replaceRule.put(">", "&gt;");
     }
 
     @Override
@@ -29,9 +32,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
             int length = values.length;
             String[] escapeValues = new String[length];
             for (int i = 0; i < length; i++) {
-                String raw = values[i];
+                escapeValues[i] = values[i];
                 int index = i;
-                replaceRule.forEach((k, v)-> escapeValues[index] = raw.replaceAll(k, v));
+                REPLACE_RULE.forEach((k, v)-> escapeValues[index] = escapeValues[index].replaceAll(k, v));
             }
             return escapeValues;
         }