diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php
index 00709365..23085cd7 100644
--- a/var/Widget/Options/General.php
+++ b/var/Widget/Options/General.php
@@ -36,7 +36,8 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
/** 站点名称 */
$title = new Typecho_Widget_Helper_Form_Element_Text('title', NULL, $this->options->title, _t('站点名称'), _t('站点的名称将显示在网页的标题处.'));
$title->input->setAttribute('class', 'w-100');
- $form->addInput($title->addRule('required', _t('请填写站点名称')));
+ $form->addInput($title->addRule('required', _t('请填写站点名称'))
+ ->addRule('xssCheck', _t('请不要在站点名称中使用特殊字符')));
/** 站点地址 */
$siteUrl = new Typecho_Widget_Helper_Form_Element_Text('siteUrl', NULL, $this->options->originalSiteUrl, _t('站点地址'), _t('站点地址主要用于生成内容的永久链接.')
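Review bot: The `xssCheck` rule chained onto `title` here (and onto `description`/`keywords` in the next hunk and `postDateFormat` in Reading.php) only filters new submissions through this form. Values already stored in the options table, and any other code path that writes these options, are not covered. The rule's implementation is not part of this diff, so what it actually rejects cannot be confirmed from here. Treat it as defence in depth and check that the templates printing these options escape on output, for example `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. A comment above the chained call such as `// input-side filter only; templates must still escape the title on output` would record that intent.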
@@ -49,11 +50,11 @@ class Widget_Options_General extends Widget_Abstract_Options implements Widget_I
/** 站点描述 */
$description = new Typecho_Widget_Helper_Form_Element_Text('description', NULL, $this->options->description, _t('站点描述'), _t('站点描述将显示在网页代码的头部.'));
- $form->addInput($description);
+ $form->addInput($description->addRule('xssCheck', _t('请不要在站点描述中使用特殊字符')));
/** 关键词 */
$keywords = new Typecho_Widget_Helper_Form_Element_Text('keywords', NULL, $this->options->keywords, _t('关键词'), _t('请以半角逗号 "," 分割多个关键字.'));
- $form->addInput($keywords);
+ $form->addInput($keywords->addRule('xssCheck', _t('请不要在关键词中使用特殊字符')));
/** 注册 */
$allowRegister = new Typecho_Widget_Helper_Form_Element_Radio('allowRegister', array('0' => _t('不允许'), '1' => _t('允许')), $this->options->allowRegister, _t('是否允许注册'),
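Review bot: `description` and `keywords` are, per their help text, printed in the page head, presumably inside quoted `content="..."` attributes. For that context the check has to handle quote characters as well as tag characters. Whether `xssCheck` does so is not visible in this diff; if it only looks for tags, the rendering side still needs attribute-safe escaping with `ENT_QUOTES`. The error messages say only "special characters", so naming the rejected characters in the message or the field help text would save administrators trial and error, since `keywords` legitimately contains commas.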
diff --git a/var/Widget/Options/Reading.php b/var/Widget/Options/Reading.php
index 20ef9b68..84262a82 100644
--- a/var/Widget/Options/Reading.php
+++ b/var/Widget/Options/Reading.php
@@ -39,7 +39,7 @@ class Widget_Options_Reading extends Widget_Options_Permalink
. _t('在某些主题中这个格式可能不会生效, 因为主题作者可以自定义日期格式.') . '
'
. _t('请参考 PHP 日期格式写法.'));
$postDateFormat->input->setAttribute('class', 'w-40 mono');
- $form->addInput($postDateFormat);
+ $form->addInput($postDateFormat->addRule('xssCheck', _t('请不要在日期格式中使用特殊字符')));
//首页显示
$frontPageParts = explode(':', $this->options->frontPage);
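Review bot: It is not obvious from the new `addInput` line why a date format needs an XSS rule, so a short comment would help the next maintainer, e.g. `// literal characters in the format pass through to page output, so reject markup on input`. That rationale is inferred rather than shown in this hunk and should be confirmed against where `postDateFormat` is rendered. It is also worth checking that common formats containing literal text or backslash escapes still pass `xssCheck`, since the rule's definition is outside this diff.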