diff --git a/resources/views/admin/platform_orders/form.blade.php b/resources/views/admin/platform_orders/form.blade.php
index 768b0e9..ac6e84c 100644
--- a/resources/views/admin/platform_orders/form.blade.php
+++ b/resources/views/admin/platform_orders/form.blade.php
@@ -11,11 +11,7 @@
 @php
 $leadId = (int) old('lead_id', $defaults['lead_id'] ?? 0);
 $incomingBackForLead = (string) ($defaults['back'] ?? '');
- $leadBack = (str_starts_with($incomingBackForLead, '/')
- && !preg_match('/["\'<>]/', $incomingBackForLead)
- && !preg_match('/(?:^|[?&])back=/', $incomingBackForLead))
- ? $incomingBackForLead
- : '';
+ $leadBack = \App\Support\BackUrl::sanitizeForLinks($incomingBackForLead);

 $viewLeadOrdersQuery = [
 'lead_id' => $leadId,
@@ -63,13 +59,8 @@
 @php
 $backVal = (string) old('back', $defaults['back'] ?? '');
- // back 作为隐藏字段用于 store 后跳转回来源页:同样需要安全护栏
- $backValSafe = (str_starts_with($backVal, '/')
- && !preg_match('/["\'<>]/', $backVal)
- // back 本身不应再包含 back(避免无限嵌套导致 URL 膨胀)
- && !preg_match('/(?:^|[?&])back=/', $backVal))
- ? $backVal
- : '';
+ // back 作为隐藏字段用于 store 后跳转回来源页:同样需要安全护栏(统一口径)
+ $backValSafe = \App\Support\BackUrl::sanitizeForLinks($backVal);
 @endphp
 @if($backValSafe !== '')
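Review bot: The guard the new `$leadBack` line replaces accepted any value beginning with `/`, so a protocol-relative `//host/path` passed it and would have produced an off-site link; whether `\App\Support\BackUrl::sanitizeForLinks` now rejects a second leading `/` (or `\`) is not visible in this diff and should be confirmed, as should the nested `back=` rejection the removed lines enforced. The second hunk makes the same substitution for `$backValSafe`, though that hunk appears to run past the end of the excerpt. The first `@php` block is left with no explanation of why the value is filtered at all; a pointer such as `// see App\Support\BackUrl::sanitizeForLinks for the accepted back-URL shape` above the new line would keep that intent discoverable.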