Define some custom variables. They all contain HTML/JS tags, so they carry an XSS risk.

#set($code = "<script>alert(1);</script>")
#set($code2 = "<span>PandoraBoot</span>")
#set($code3 = "<div>:D</div>")

before ignore:


$code : <script>alert(1);</script>
$code2 : <span>PandoraBoot</span>
${code3} : <div>:D</div>
$!{ignoredName} (This name is ignored by the framework through the application.properties setting "spring.security.xss.ignored.context.names=ignoredName"):

after ignore by #xss_ignored:

#xss_ignored($code,$!code2,${code3})
$code :
$code2 : PandoraBoot
${code3} :
:D

$!{ignoredName} :
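
An added example, not part of the original page or the framework's own code: a small Python audit that lists which template references are emitted without escaping, either through `#xss_ignored` or through `spring.security.xss.ignored.context.names`. It assumes the directive takes effect from the line where it appears (as the before/after output above suggests) and that the property holds a comma-separated list; the sample template and the function names are constructed for illustration.

```python
import re

# Reference forms used on the page: $name, $!name, ${name}, $!{name}
REF = re.compile(r"\$!?\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
DIRECTIVE = re.compile(r"#xss_ignored\(([^)]*)\)")
PROP = "spring.security.xss.ignored.context.names"

# Constructed sample input, modelled on the template shown on the page
SAMPLE_TEMPLATE = '''#set($code = "<script>alert(1);</script>")
$code
$!{ignoredName}
#xss_ignored($code,$!code2,${code3})
$code
$code2
${code3}
'''
SAMPLE_PROPS = "spring.security.xss.ignored.context.names=ignoredName\n"

def ignored_by_config(properties):
    """Names exempted in application.properties (comma list is an assumption)."""
    for line in properties.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == PROP:
            return {n.strip() for n in value.split(",") if n.strip()}
    return set()

def unescaped_outputs(template, properties=""):
    """Return (line_no, name, reason) for every reference rendered raw."""
    config = ignored_by_config(properties)
    active = set()  # names switched off by #xss_ignored so far
    findings = []
    for no, line in enumerate(template.splitlines(), 1):
        call = DIRECTIVE.search(line)
        if call:
            active.update(REF.findall(call.group(1)))
            continue  # the directive line itself emits nothing
        if line.lstrip().startswith("#set"):
            continue  # assignments emit nothing
        for name in REF.findall(line):
            if name in config:
                findings.append((no, name, "config"))
            elif name in active:
                findings.append((no, name, "directive"))
    return findings

if __name__ == "__main__":
    for finding in unescaped_outputs(SAMPLE_TEMPLATE, SAMPLE_PROPS):
        print(finding)
```

Each finding is a place where the value must already be trusted or sanitized upstream, since the framework no longer escapes it.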

save name :

Name:
