Index: ssts-web/src/main/webapp/logonForExpensiveGoods.jsp
===================================================================
diff -u -r31663 -r40811
--- ssts-web/src/main/webapp/logonForExpensiveGoods.jsp	(.../logonForExpensiveGoods.jsp)	(revision 31663)
+++ ssts-web/src/main/webapp/logonForExpensiveGoods.jsp	(.../logonForExpensiveGoods.jsp)	(revision 40811)
@@ -82,7 +82,7 @@
 	</div>
     <div class="login_tag" id="tip">&nbsp;
     <c:if test="${(message != null)}">${message }</c:if>
-    <c:if test="${(message == null && param.login_error == 1)}">账号或密码错误！请重新输入！</c:if>
+    <c:if test="${(message == null && param.login_error == '1')}">账号或密码错误！请重新输入！</c:if>
     </div>
     <div class="login_n">
       <input class="login_input" id="j_username_display" name="j_username_display" tabindex="1" type="text" maxlength="20" onfocus="this.select()" />
@@ -116,8 +116,8 @@
 }
 
 if('${param.redirectToTop}' == 'true'){
-	if('${param.login_error}' != ''){
-		top.document.location.href='${ctx}/logon.jsp?login_error=${param.login_error}';
+	if('${fn:escapeXml(param.login_error)}' != ''){
+		top.document.location.href='${ctx}/logon.jsp?login_error=${fn:escapeXml(param.login_error)}';
 	}else{
 		top.document.location.href='${ctx}/logon.jsp';
 	}