diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
index 6caae6d..47a6ae1 100644
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
@@ -26,6 +26,7 @@ const (
 	HTTPFirewallRuleOperatorContainsAny          HTTPFirewallRuleOperator = "contains any"
 	HTTPFirewallRuleOperatorContainsAll          HTTPFirewallRuleOperator = "contains all"
 	HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
+	HTTPFirewallRuleOperatorContainsXSS          HTTPFirewallRuleOperator = "contains xss"
 	HTTPFirewallRuleOperatorHasKey               HTTPFirewallRuleOperator = "has key" // has key in slice or map
 	HTTPFirewallRuleOperatorVersionGt            HTTPFirewallRuleOperator = "version gt"
 	HTTPFirewallRuleOperatorVersionLt            HTTPFirewallRuleOperator = "version lt"
@@ -174,6 +175,13 @@ var AllRuleOperators = []*RuleOperatorDefinition{
 		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 		DataType:        "none",
 	},
+	{
+		Name:            "包含XSS注入",
+		Code:            HTTPFirewallRuleOperatorContainsXSS,
+		Description:     "检测字符串内容是否包含XSS注入",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+		DataType:        "none",
+	},
 	{
 		Name:            "包含二进制数据",
 		Code:            HTTPFirewallRuleOperatorContainsBinary,