diff --git a/README.md b/README.md
index 53d06ad3..004bcde2 100644
--- a/README.md
+++ b/README.md
@@ -97,7 +97,7 @@
 
 ## 技术选型
 
-* 主框架：Spring Boot 3.4、Spring Framework 6、Apache Shiro 2、J2Cache
+* 主框架：Spring Boot 3.5、Spring Framework 6、Apache Shiro 2、J2Cache
 * 持久层：Apache MyBatis 3.5、Hibernate Validator 8、Alibaba Druid 1.2
 * 分离版：Node.js、TypeScript、Vue3、Vite、Ant Design Vue、Vue Vben Admin
 * 经典版：Beetl 3.10（HTML）、jQuery 3.7、Bootstrap 3.3、AdminLTE 2.4
@@ -111,9 +111,9 @@
 
 ## 更多介绍
 
+* 架构特点：<https://jeesite.com/docs/feature/>
 * 内置功能：<https://jeesite.com/docs/function/>
 * 目录结构：<https://jeesite.com/docs/catalog/>
-* 架构特点：<https://jeesite.com/docs/feature/>
 * 参数配置：<https://jeesite.com/docs/config/>
 * 开发规范：<https://jeesite.com/docs/standard/>
 * 代码生成：<https://jeesite.com/docs/code-gen/>
diff --git a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
index 4d797e33..1c1efe62 100644
--- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
+++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
@@ -191,7 +191,7 @@ public class EncodeUtils {
 	// 预编译XSS过滤正则表达式
 	private static final List<Pattern> xssPatterns = ListUtils.newArrayList(
 			Pattern.compile("(<\\s*(script|link|style|iframe)([\\s\\S]*?)(>|<\\/\\s*\\1\\s*>))|(</\\s*(script|link|style|iframe)\\s*>)", Pattern.CASE_INSENSITIVE),
-			Pattern.compile("\\s*(href|src)\\s*=\\s*(\"\\s*(javascript|vbscript):[^\"]+\"|'\\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
+			Pattern.compile("\\s*(href|src)\\s*=\\s*(\"\\s*(javascript|vbscript|data):[^\"]+\"|'\\s*(javascript|vbscript|data):[^']+'|(javascript|vbscript|data):[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("\\s*/?\\s*on[a-zA-Z]+\\s*=\\s*(['\"]?)(.*?)\\1(?=\\s|>|/>)", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("(eval\\((.*?)\\)|expression\\((.*?)\\))", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("^(javascript:|vbscript:)", Pattern.CASE_INSENSITIVE)
diff --git a/common/src/test/java/com/jeesite/test/codec/EncodeUtilsTest.java b/common/src/test/java/com/jeesite/test/codec/EncodeUtilsTest.java
index 73039d3f..c0f48f66 100644
--- a/common/src/test/java/com/jeesite/test/codec/EncodeUtilsTest.java
+++ b/common/src/test/java/com/jeesite/test/codec/EncodeUtilsTest.java
@@ -41,6 +41,7 @@ public class EncodeUtilsTest {
 		xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={\"a\":1}我还在。");
 		xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={'a':1}我还在。");
 		xssFilter(i++, "<!--HTML-->\"><svg/ONLOAD=confirm(3) />");
+		xssFilter(i++, "<!--HTML-->XSS<embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCg5KTwvc2NyaXB0Pgo=\">");
 		sqlFilter(i++, "你好 select * from xxx where abc=def and 1=1我还在。", "common");
 		sqlFilter(i++, "你好 insert into xxx values(1,2,3,4,5)我还在。", "common");
 		sqlFilter(i++, "你好 delete from xxx我还在。", "common");