diff --git a/resources/views/admin/platform_orders/show.blade.php b/resources/views/admin/platform_orders/show.blade.php
index 18935e4..f7ad33b 100644
--- a/resources/views/admin/platform_orders/show.blade.php
+++ b/resources/views/admin/platform_orders/show.blade.php
@@ -760,26 +760,29 @@
 
 <div class="mb-20 mt-16">
     @php
-        $back = (string) request()->query('back', '');
-        // back 安全校验：只接受相对路径，且拒绝引号/尖括号，并拒绝 nested back，避免潜在 XSS/URL 膨胀。
+        $incomingBack = (string) request()->query('back', '');
+        // back 安全护栏：
+        // - 仅允许站内相对路径（/ 开头）
+        // - 拒绝引号/尖括号
+        // - 拒绝 nested back=（避免 URL 膨胀/绕过）
         // 说明：下方 href 采用原样输出以避免 &amp; 影响断言。
-        $safeBack = (str_starts_with($back, '/')
-            && !preg_match('/["\'<>]/', $back)
-            && !preg_match('/(?:^|[?&])back=/', $back))
-            ? $back
+        $safeBackForLinks = (str_starts_with($incomingBack, '/')
+            && !preg_match('/["\'<>]/', $incomingBack)
+            && !preg_match('/(?:^|[?&])back=/', $incomingBack))
+            ? $incomingBack
             : '';
 
         // 若 back 指向的平台订单列表带 lead_id，则在详情页也提示当前来源线索（更不迷路）。
         $leadIdFromBack = 0;
-        if ($safeBack !== '') {
-            $parts = parse_url($safeBack);
+        if ($safeBackForLinks !== '') {
+            $parts = parse_url($safeBackForLinks);
             parse_str((string) ($parts['query'] ?? ''), $q);
             $leadIdFromBack = (int) ($q['lead_id'] ?? 0);
         }
     @endphp
 
-    @if($safeBack)
-        <a href="{!! $safeBack !!}" class="muted">← 返回上一页（保留上下文）</a>
+    @if($safeBackForLinks !== '')
+        <a href="{!! $safeBackForLinks !!}" class="muted">← 返回上一页（保留上下文）</a>
         @if($leadIdFromBack > 0)
             <span class="muted">｜</span>
             <span class="badge">来源线索：#{{ $leadIdFromBack }}</span>