diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2c733c..1c32ced 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # 变更日志
 此项目的所有显著更改将记录在此文件中。
+## [2.0.13]-2023-03-07
+感谢 osxtest 为本项目贡献代码
+感谢 冰茶、 明月清风、 不悲、 1nfosec、 潜龙在渊 等师傅对来源提示和超链接功能的建议
+感谢 独自等待、 Wild Code Developer 对登录异常的反馈
+### 添加
+- 新增了插件图标处有几种类型被匹配到的数字提示，此功能为 osxtest 开发。
+- 新增了域名白名单，通过配置常用的域名，避免目标站点登录时csrf_token失效。
+- 新增了提取到的信息来源提示和超链接，现在你可以通过“ctrl+左键”或“右键-在新标签页中打开链接”来打开该信息的来源链接。
+### 修复
+- 修复一些体验上的bug。
+
 ## [2.0.12]-2023-02-14
 感谢 小笼包 提出bug。
 ### 修复
diff --git a/background.js b/background.js
index bb91b4b..6782c5c 100755
--- a/background.js
+++ b/background.js
@@ -827,7 +827,7 @@ function webhook(data) {
     data = JSON.stringify(search_data[data]);
     // console.log(data);
     chrome.storage.local.get(["webhook_setting"], function(settings){
-        if(settings["webhook_setting"] == {} || settings["webhook_setting"] ==undefined){
+        if(!settings || !settings["webhook_setting"] || settings["webhook_setting"] == {} || settings["webhook_setting"] ==undefined){
             // console.log('获取webhook_setting失败');
             return;
         }
@@ -902,14 +902,14 @@ chrome.runtime.onMessage.addListener(
             search_data[request.current]['tasklist'] = [];
             search_data[request.current]['donetasklist'] = [];
         }else{
-            search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': []};
+            search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': [], 'source': {}};
         }
         let promiseTask = [];
-        for (var i = request.data.length - 1; i >= 0; i--) {
+        request.data.map((req_url)=>{
             try{
-                var myRequest = new Request(request.data[i], myInit);
-                search_data[request.current]['tasklist'].push(0);
+                var myRequest = new Request(req_url, myInit);
                 let p = fetch(myRequest,myInit).then(function(response) {
+                    search_data[request.current]['tasklist'].push(0);
                     // console.log(response);
                     response.text().then(function(text) {
                     // console.log(text);
@@ -919,54 +919,62 @@ chrome.runtime.onMessage.addListener(
 
                     //遍历所有数据类型
                     for (var i = 0; i < key.length; i++) {
-                    //如果传入的数据没有这个类型，就看下一个
-                    if (tmp_data[key[i]] == null){
-                      continue;
-                    }
-                    // 把前端的处理放到这里避免重复
-                    if (not_sub_key.indexOf(key[i])<0){
-                      tmp_data[key[i]] = sub_1(tmp_data[key[i]])
-                    }
-                    //如果search_data有历史数据，进行检查
-                    if (tmp_data['current'] in search_data){
-                      for (var j = 0; j < key.length; j++) {
-                        if (search_data[tmp_data['current']][key[j]]!=null){
-                          tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
+                        //如果传入的数据没有这个类型，就看下一个
+                        if (tmp_data[key[i]] == null){
+                          continue;
+                        }
+                        // 把前端的处理放到这里避免重复
+                        if (not_sub_key.indexOf(key[i])<0){
+                          tmp_data[key[i]] = sub_1(tmp_data[key[i]])
+                        }
+                        tmp_data[key[i]].map((item)=>{
+                            search_data[tmp_data['current']]['source'][item] = req_url
+                        })
+                        //如果search_data有历史数据，进行检查
+                        if (tmp_data['current'] in search_data){
+                          for (var j = 0; j < key.length; j++) {
+                            if (search_data[tmp_data['current']][key[j]]!=null){
+                              tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
+                            }
+                          }
+                        }
+                        if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
+                          var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
+                          if ('static' in search_data[tmp_data['current']]){
+                            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
+                          }else{
+                            var res = collect_static(search_data_value,[])
+                          }
+                          search_data[tmp_data['current']][key[i]] = res['arr1']
+                          search_data[tmp_data['current']]['static'] = res['static']
+                        }else{
+                          var search_data_value = unique(tmp_data[key[i]]).sort()
+                          if ('static' in search_data[tmp_data['current']]){
+                            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
+                          }else{
+                            var res = collect_static(search_data_value,[])
+                          }
+                          search_data[tmp_data['current']]['static'] = res['static']
+                          search_data[tmp_data['current']][key[i]] = res['arr1']
                         }
-                      }
-                    }
-                    if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
-                      var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
-                      if ('static' in search_data[tmp_data['current']]){
-                        var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
-                      }else{
-                        var res = collect_static(search_data_value,[])
-                      }
-                      search_data[tmp_data['current']][key[i]] = res['arr1']
-                      search_data[tmp_data['current']]['static'] = res['static']
-                    }else{
-                      var search_data_value = unique(tmp_data[key[i]]).sort()
-                      if ('static' in search_data[tmp_data['current']]){
-                        var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
-                      }else{
-                        var res = collect_static(search_data_value,[])
-                      }
-                      search_data[tmp_data['current']]['static'] = res['static']
-                      search_data[tmp_data['current']][key[i]] = res['arr1']
-                    }
                     }
                     search_data[request.current]['donetasklist'].push(0);
                     tab_url[sender.tab.id] = request.current;
                     refresh_count();
                     chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
                     });
-                }).catch(err=>{ console.log("fetch error",err)});
+                }).catch(err=>{
+                    console.log("fetch error",err);
+                    search_data[request.current]['donetasklist'].push(0);
+                    refresh_count();
+                    chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
+                });
                 promiseTask.push(p);
             }
             catch (e){
-                continue;
+                // console.log(e);
             }
-        }
+        });
         chrome.storage.local.get(["fetch_timeout"], function(settings){
             if(settings["fetch_timeout"] == true){
 
@@ -1007,16 +1015,18 @@ chrome.runtime.onMessage.addListener(
 });
 
 chrome.tabs.onUpdated.addListener(function (tabId, props) {
-  if (props.status == "complete" && tabId == selected_id)
-    refresh_count();
+    if (props.status == "complete" && tabId == selected_id)
+        refresh_count();
 });
 
 chrome.tabs.onActivated.addListener(function (activeInfo) {
-  selected_id = activeInfo.tabId;
-  refresh_count();
+    selected_id = activeInfo.tabId;
+    refresh_count();
 });
 
 chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {
-  selected_id = tabs[0].id;
-  refresh_count();
+    if(tabs && tabs[0]){
+        selected_id = tabs[0].id;
+        refresh_count();
+    }
 });
\ No newline at end of file
diff --git a/content.js b/content.js
index 4a2f96f..ee03587 100755
--- a/content.js
+++ b/content.js
@@ -7,38 +7,44 @@
     var source = document.getElementsByTagName('html')[0].innerHTML;
     var hostPath;
     var urlPath;
-    var urlWhiteList = ['google.com'];
+    var urlWhiteList = ['.google.com','.amazon.com','portswigger.net'];
     var target_list = [];
-    for(var i = 0;i < urlWhiteList.length;i++){
-        if(host.indexOf(urlWhiteList[i]) != -1){
-            return false;
-        }
-    }
-    target_list.push(window.location.href);
-
     var source_href = source.match(/href=['"].*?['"]/g);
     var source_src = source.match(/src=['"].*?['"]/g);
     var script_src = source.match(/<script [^><]*?src=['"].*?['"]/g);
-    // console.log(source_href,source_src,script_src)
-    if(source_href){
-        for(var i=0;i<source_href.length;i++){
-            var u = deal_url(source_href[i].substring(6,source_href[i].length-1));
-            if(u){
-                target_list.push(u);
+    chrome.storage.local.get(["allowlist"], function(settings){
+        // console.log(settings , settings['allowlist'])
+        if(settings && settings['allowlist']){
+            urlWhiteList = settings['allowlist'];
+        }
+        for(var i = 0;i < urlWhiteList.length;i++){
+            if(host.endsWith(urlWhiteList[i])){
+                console.log('域名在白名单中，跳过当前页')
+                return ;
             }
         }
-    }
-    if(source_src){
-        for(var i=0;i<source_src.length;i++){
-            var u = deal_url(source_src[i].substring(5,source_src[i].length-1));
-            if(u){
-                target_list.push(u);
+        target_list.push(window.location.href);
+        
+        // console.log(source_href,source_src,script_src)
+        if(source_href){
+            for(var i=0;i<source_href.length;i++){
+                var u = deal_url(source_href[i].substring(6,source_href[i].length-1));
+                if(u){
+                    target_list.push(u);
+                }
             }
         }
-    }
-    
-    chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href}, function(response) { });
-
+        if(source_src){
+            for(var i=0;i<source_src.length;i++){
+                var u = deal_url(source_src[i].substring(5,source_src[i].length-1));
+                if(u){
+                    target_list.push(u);
+                }
+            }
+        }
+        
+        chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href});
+    });
     function is_script(u){
         if(script_src){
             for(var i=0;i<script_src.length;i++){
@@ -311,19 +317,24 @@ function show_info(result_data) {
 }
 function get_info() {
     chrome.runtime.sendMessage({greeting: "get", current: window.location.href}, function(result_data) {
-        if(result_data == undefined || result_data['done']!='done' || result_data==null){
+        let taskstatus = document.getElementById('taskstatus');
+        if(!taskstatus){
+            return;
+        }
+        if(!result_data|| result_data['done']!='done'){
             // console.log('还未提取完成');
-            if(result_data != undefined || result_data!=null ){
+            if(result_data){
                 show_info(result_data);
-                document.getElementById('taskstatus').textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
+
+                taskstatus.textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
             }else{
-                document.getElementById('taskstatus').textContent = "处理中..";
+                taskstatus.textContent = "处理中..";
             }
             sleep(100);
             get_info();
             return;
         }
-        document.getElementById('taskstatus').textContent = "处理完成："+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
+        taskstatus.textContent = "处理完成："+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
         show_info(result_data);
         // 结果不一致继续刷新
         if(result_data['donetasklist'].length!=result_data['tasklist'].length){
diff --git a/manifest.json b/manifest.json
index 9a8c54b..7bd4bd4 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,6 +1,6 @@
 {
   "name": "FindSomething",
-  "version": "2.0.12",
+  "version": "2.0.13",
   "manifest_version": 3,
   "description": "在网页的源代码或js中找到一些有趣的东西",  
   "permissions": [     
diff --git a/popup.js b/popup.js
index e9bc542..e015350 100755
--- a/popup.js
+++ b/popup.js
@@ -58,16 +58,44 @@ function sleep (time) {
   return new Promise((resolve) => setTimeout(resolve, time));
 }
 
+// 实体编码，防止xss
+function htmlEncodeByRegExp(str) {
+    var s = '';
+    if(str.length === 0) {
+        return '';
+    }
+    s = str.replace(/&/g,'&amp;');
+    s = s.replace(/</g,'&lt;');
+    s = s.replace(/>/g,'&gt;');
+    s = s.replace(/ /g,'&nbsp;');
+    s = s.replace(/\'/g,'&#39;');
+    s= s.replace(/\"/g,'&quot;');
+    return s;
+}
+
 function show_info(result_data) {
     for (var k in key){
         if (result_data[key[k]]){
             // console.log(result_data[key[k]])
-            let p="";
-            for(var i in result_data[key[k]]){
-                p = p + result_data[key[k]][i] +'\n'
+            let container = document.getElementById(key[k]);
+            while((ele = container.firstChild)){
+                ele.remove();
+            }
+            container.style.whiteSpace = "pre";
+            for (var i in result_data[key[k]]){
+                let link = document.createElement("a");
+                link.textContent = result_data[key[k]][i]+'\n';
+                let source = result_data['source'][result_data[key[k]][i]];
+                if (source) {
+                    //虽然无法避免被xss，但插件默认提供了正确的CSP，这意味着我们即使不特殊处理，javascript也不会被执行。
+                    // source = 'javascript:console.log`1`'
+                    link.setAttribute("href", source);
+                    link.setAttribute("title", source);
+                }
+                let span = document.createElement("span");
+                span.appendChild(link);
+                container.appendChild(span);
             }
-            document.getElementById(key[k]).style.whiteSpace="pre";
-            document.getElementById(key[k]).textContent=p;
         }
     }
 }
@@ -75,18 +103,18 @@ function show_info(result_data) {
 getCurrentTab().then(function get_info(tab) {
     // console.log("findsomething_result_"+tab.url)
     chrome.storage.local.get(["findsomething_result_"+tab.url], function(result_data) {
-        if (result_data==undefined){
+        if (!result_data){
             sleep(100);
             get_info(tab);
             return;
         }
         result_data = result_data["findsomething_result_"+tab.url]
         // console.log(result_data)
-        if(result_data == undefined || result_data['done']!='done'){
+        if(!result_data || result_data['done']!='done'){
             // console.log('还未提取完成');
             if(result_data && result_data.donetasklist){
                 // console.log("findsomething_result_"+tab.url)
-                chrome.storage.local.get(["findsomething_result_"+tab.url], show_info(result_data));
+                chrome.storage.local.get(["findsomething_result_"+tab.url], function(result){show_info(result["findsomething_result_"+tab.url]);});
                 // show_info(result_data);
                 document.getElementById('taskstatus').textContent = "处理中.."+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
             }else{
@@ -96,8 +124,9 @@ getCurrentTab().then(function get_info(tab) {
             get_info(tab);
             return;
         }
+        // console.log(result_data)
         document.getElementById('taskstatus').textContent = "处理完成："+result_data['donetasklist'].length+"/"+result_data['tasklist'].length;
-        chrome.storage.local.get(["findsomething_result_"+tab.url], show_info(result_data));
+        chrome.storage.local.get(["findsomething_result_"+tab.url], function(result){show_info(result["findsomething_result_"+tab.url]);});
         // show_info(result_data);
         // 结果不一致继续刷新
         // if(result_data['donetasklist'].length!=result_data['tasklist'].length){
diff --git a/settings.html b/settings.html
index 6fcfa9b..460f889 100644
--- a/settings.html
+++ b/settings.html
@@ -29,9 +29,21 @@
     "auth":"auth_key"
 }'></textarea></div>
            </div>
+           
            <a href="#"><div style="width: 90px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #ffffff; color: #000000; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-top: 10px;" id="reset">置空并保存</div></a>
            <a href="#"><div style="width: 40px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #000000; color: #ffffff; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-left: 10px; margin-top: 10px;" id="save">保存</div></a>
+        <div style="width: 300px; float: left; margin-top: 20px;">
+            <div class="findsomething_title" style="margin-bottom:10px;">域名白名单</div>
+            <div style="float: left; width: 198px; margin-top:6px;"><textarea id="allowlist" style="width: 198px; padding: 0 0 0 0; border-color: #e8e8e8; min-height: 200px;" placeholder='输入域名的结尾部分，以换行分隔，若不配置默认使用.google.com,.amazon.com,portswigger.net'>.google.com
+.amazon.com
+portswigger.net
+</textarea></div>
         </div>
+        <div style="width: 300px; float: left; margin-top: 20px;">
+           <a href="#"><div style="width: 90px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #ffffff; color: #000000; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-top: 10px;" id="reset_allowlist">置空并保存</div></a>
+           <a href="#"><div style="width: 40px; height: 28px; float: left; text-align: center; line-height: 28px; font-size: 14px; background: #000000; color: #ffffff; border: 1px solid black;border-radius: 2px 2px 2px 2px; margin-left: 10px; margin-top: 10px;" id="save_allowlist">保存</div></a>
+        </div>
+
         <div style="width: 600px; height: 800px; float: left;">
             
         </div>
diff --git a/settings.js b/settings.js
index 005ba2d..2c8e53c 100644
--- a/settings.js
+++ b/settings.js
@@ -9,11 +9,27 @@ document.getElementById("save").onclick=function () {
 	chrome.storage.local.set({"webhook_setting": webhook_setting});
 }
 document.getElementById("reset").onclick=function () {
-	// var webhook_setting = {};
+	let webhook_setting = {"url":"","arg":"","headers":{}};
 	document.getElementById('url').value = "";
 	document.getElementById('arg').value = "";
 	document.getElementById('headers').value = "{}";
 	// console.log(webhook_setting);
+	chrome.storage.local.set({"webhook_setting": webhook_setting});
+}
+
+document.getElementById("save_allowlist").onclick=function () {
+	snsArr = document.getElementById('allowlist').value.split(/[(\r\n)\r\n]+/);
+	snsArr.forEach((item, index)=>{
+		if(!item){
+			snsArr.splice(index,1);
+		}
+	})
+	// console.log(snsArr)
+	chrome.storage.local.set({"allowlist": snsArr});
+}
+document.getElementById("reset_allowlist").onclick=function () {
+	document.getElementById('allowlist').value = "";
+	chrome.storage.local.set({"allowlist": []});
 }
 
 document.getElementById("global_float").onclick=function () {
@@ -38,7 +54,7 @@ document.getElementById("fetch_timeout").onclick=function () {
 
 chrome.storage.local.get(["webhook_setting"], function(settings){
 	console.log(settings);
-	if(settings["webhook_setting"] == {}){
+	if(!settings || settings == {} || !settings["webhook_setting"] ){
         console.log('获取webhook_setting失败');
         return;
     }