Index: ssts-web/src/main/webapp/logon.jsp
===================================================================
diff -u -r40763 -r40811
--- ssts-web/src/main/webapp/logon.jsp	(.../logon.jsp)	(revision 40763)
+++ ssts-web/src/main/webapp/logon.jsp	(.../logon.jsp)	(revision 40811)
@@ -315,7 +315,7 @@
 		</div>
 		<div class="login_tag" id="tip" style="left:180px;">&nbsp;
 			<c:if test="${(message != null)}">${message }</c:if>
-			<c:if test="${(message == null && param.login_error == 1)}">账号或密码错误！请重新输入！</c:if>
+			<c:if test="${(message == null && param.login_error == '1')}">账号或密码错误！请重新输入！</c:if>
 		</div>
 		<div class="login_n">
 			<input class="login_input" id="j_username_display" name="j_username_display" autocomplete="off" tabindex="1" type="text" maxlength="20" onfocus="this.select()" />
@@ -549,8 +549,8 @@
 var j_password_display = document.getElementById('j_password_display');
 
 if('${param.redirectToTop}' == 'true'){
-	if('${param.login_error}' != ''){
-		top.document.location.href='${ctx}/logon.jsp?login_error=${param.login_error}';
+	if('${fn:escapeXml(param.login_error)}' != ''){
+		top.document.location.href='${ctx}/logon.jsp?login_error=${fn:escapeXml(param.login_error)}';
 	}else{
 		top.document.location.href='${ctx}/logon.jsp';
 	}