Index: ssts-web/src/main/java/com/forgon/disinfectsystem/inventoryrecord/service/InventoryRecordManagerImpl.java
===================================================================
diff -u -r34973 -r38455
--- ssts-web/src/main/java/com/forgon/disinfectsystem/inventoryrecord/service/InventoryRecordManagerImpl.java (.../InventoryRecordManagerImpl.java) (revision 34973)
+++ ssts-web/src/main/java/com/forgon/disinfectsystem/inventoryrecord/service/InventoryRecordManagerImpl.java (.../InventoryRecordManagerImpl.java) (revision 38455)
@@ -25,6 +25,7 @@
 import net.sf.json.JSONObject;
 import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.poi.hssf.usermodel.HSSFCellStyle;
@@ -2397,15 +2398,15 @@
 //返回json对象
 JSONObject importInventoryRecord = new JSONObject();
 importInventoryRecord.put("rowIndex", rowIndex);
- importInventoryRecord.put("externalCode", externalCode);
- importInventoryRecord.put("name", name);
- importInventoryRecord.put("specification", specification);
+ importInventoryRecord.put("externalCode", StringEscapeUtils.escapeJavaScript(externalCode));
+ importInventoryRecord.put("name", StringEscapeUtils.escapeJavaScript(name));
+ importInventoryRecord.put("specification", StringEscapeUtils.escapeJavaScript(specification));
 importInventoryRecord.put("expDate", expDate);
- importInventoryRecord.put("batchNumber", batchNumber);
+ importInventoryRecord.put("batchNumber", StringEscapeUtils.escapeJavaScript(batchNumber));
 importInventoryRecord.put("storage", storage);
 importInventoryRecord.put("amount", amount);
 importInventoryRecord.put("price", price);
- importInventoryRecord.put("supplierName", supplierName);
+ importInventoryRecord.put("supplierName", StringEscapeUtils.escapeJavaScript(supplierName));
 importInventoryRecord.put("sequence", sequence);
 return importInventoryRecord;
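Review bot: `StringEscapeUtils.escapeJavaScript` encodes for a JavaScript string literal, which does not match the sink in the five changed `put` calls (externalCode, name, specification, batchNumber, supplierName): the values go into a `JSONObject`, which applies its own string escaping when serialised. The likely result is double escaping — commons-lang 2.x also rewrites non-ASCII characters as `\uXXXX`, so Chinese names would probably reach the client as literal escape text — while `<`, `>` and `&` pass through unchanged, so markup in an imported cell can still reach an HTML sink. If the aim is to stop script injection from imported rows, I would keep the raw strings here, e.g. `importInventoryRecord.put("name", name);`, and encode where the value is rendered (`StringEscapeUtils.escapeHtml(...)` server-side, or text-node assignment on the client). expDate, storage, amount, price and sequence are not encoded; their types are not visible here, so confirm none of them is free text from the same row. The enclosing method starts and ends outside the hunk, so where these fields are consumed cannot be checked from this diff.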