diff --git a/doc/XXL-JOB官方文档.md b/doc/XXL-JOB官方文档.md
index 549192b7..56f33b3f 100644
--- a/doc/XXL-JOB官方文档.md
+++ b/doc/XXL-JOB官方文档.md
@@ -2062,9 +2062,11 @@ data: post-data
 - 16、调度中心组件加载顺序优化，修复极端情况下调度组件初始慢导致的调度失败问题；
 - 17、执行器注册线程优化，修复极端情况下初始化失败时导致NPE问题；
 - 18、执行器Commandhandler示例任务优化，修复极端情况下脚本进程挂起问题；
+- 19、调度中心页面交互优化：用户管理模块密码列取消；多处表达autocomplete取消；执行器管理模块XSS拦截校验等；
 - 19、[ING]任务触发参数优化：支持选择 "Cron触发"、"固定间隔时间触发"、"指定时间点触发"、"不选择" 等；
 - 20、[ING]任务 misfire 策略：忽略、补偿一次、补偿最近10次……等；
 - 21、[规划中]执行器注册，异步写入；
+- 22、[规划中]默认开启访问令牌鉴权；
 
 
 ### 7.32 版本 v2.3.0 Release Notes[规划中]
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
index 484d5ba5..4bb4b90a 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobGroupController.java
@@ -68,13 +68,23 @@ public class JobGroupController {
 		if (xxlJobGroup.getAppname().length()<4 || xxlJobGroup.getAppname().length()>64) {
 			return new ReturnT<String>(500, I18nUtil.getString("jobgroup_field_appname_length") );
 		}
+		if (xxlJobGroup.getAppname().contains(">") || xxlJobGroup.getAppname().contains("<")) {
+			return new ReturnT<String>(500, "AppName"+I18nUtil.getString("system_unvalid") );
+		}
 		if (xxlJobGroup.getTitle()==null || xxlJobGroup.getTitle().trim().length()==0) {
 			return new ReturnT<String>(500, (I18nUtil.getString("system_please_input") + I18nUtil.getString("jobgroup_field_title")) );
 		}
+		if (xxlJobGroup.getTitle().contains(">") || xxlJobGroup.getTitle().contains("<")) {
+			return new ReturnT<String>(500, I18nUtil.getString("jobgroup_field_title")+I18nUtil.getString("system_unvalid") );
+		}
 		if (xxlJobGroup.getAddressType()!=0) {
 			if (xxlJobGroup.getAddressList()==null || xxlJobGroup.getAddressList().trim().length()==0) {
 				return new ReturnT<String>(500, I18nUtil.getString("jobgroup_field_addressType_limit") );
 			}
+			if (xxlJobGroup.getAddressList().contains(">") || xxlJobGroup.getAddressList().contains("<")) {
+				return new ReturnT<String>(500, I18nUtil.getString("jobgroup_field_registryList")+I18nUtil.getString("system_unvalid") );
+			}
+
 			String[] addresss = xxlJobGroup.getAddressList().split(",");
 			for (String item: addresss) {
 				if (item==null || item.trim().length()==0) {
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
index 573ffccf..3f4c7559 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java
@@ -56,6 +56,13 @@ public class UserController {
         List<XxlJobUser> list = xxlJobUserDao.pageList(start, length, username, role);
         int list_count = xxlJobUserDao.pageListCount(start, length, username, role);
 
+        // filter
+        if (list!=null && list.size()>0) {
+            for (XxlJobUser item: list) {
+                item.setPassword(null);
+            }
+        }
+
         // package result
         Map<String, Object> maps = new HashMap<String, Object>();
         maps.put("recordsTotal", list_count);		// 总记录数
diff --git a/xxl-job-admin/src/main/resources/static/js/user.index.1.js b/xxl-job-admin/src/main/resources/static/js/user.index.1.js
index 804640ea..48d3f302 100644
--- a/xxl-job-admin/src/main/resources/static/js/user.index.1.js
+++ b/xxl-job-admin/src/main/resources/static/js/user.index.1.js
@@ -33,7 +33,7 @@ $(function() {
 					},
 	                {
 	                	"data": 'password',
-						"visible" : true,
+						"visible" : false,
                         "width":'20%',
                         "render": function ( data, type, row ) {
                             return '*********';
diff --git a/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl b/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
index 05a6de19..778df9ec 100644
--- a/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
+++ b/xxl-job-admin/src/main/resources/templates/jobgroup/jobgroup.index.ftl
@@ -28,13 +28,13 @@
                 <div class="col-xs-3">
                     <div class="input-group">
                         <span class="input-group-addon">AppName</span>
-                        <input type="text" class="form-control" id="appname" autocomplete="on" placeholder="${I18n.system_please_input}AppName" >
+                        <input type="text" class="form-control" id="appname" placeholder="${I18n.system_please_input}AppName" >
                     </div>
                 </div>
                 <div class="col-xs-3">
                     <div class="input-group">
                         <span class="input-group-addon">${I18n.jobgroup_field_title}</span>
-                        <input type="text" class="form-control" id="title" autocomplete="on" placeholder="${I18n.jobgroup_field_title}" >
+                        <input type="text" class="form-control" id="title" placeholder="${I18n.jobgroup_field_title}" >
                     </div>
                 </div>
                 <div class="col-xs-2">
diff --git a/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl b/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
index 0fdf2239..0e39c2a6 100644
--- a/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
+++ b/xxl-job-admin/src/main/resources/templates/jobinfo/jobinfo.index.ftl
@@ -46,17 +46,17 @@
                 </div>
                 <div class="col-xs-2">
                     <div class="input-group">
-                        <input type="text" class="form-control" id="jobDesc" autocomplete="on" placeholder="${I18n.system_please_input}${I18n.jobinfo_field_jobdesc}" >
+                        <input type="text" class="form-control" id="jobDesc" placeholder="${I18n.system_please_input}${I18n.jobinfo_field_jobdesc}" >
                     </div>
                 </div>
                 <div class="col-xs-2">
                     <div class="input-group">
-                        <input type="text" class="form-control" id="executorHandler" autocomplete="on" placeholder="${I18n.system_please_input}JobHandler" >
+                        <input type="text" class="form-control" id="executorHandler" placeholder="${I18n.system_please_input}JobHandler" >
                     </div>
                 </div>
                 <div class="col-xs-2">
                     <div class="input-group">
-                        <input type="text" class="form-control" id="author" autocomplete="on" placeholder="${I18n.system_please_input}${I18n.jobinfo_field_author}" >
+                        <input type="text" class="form-control" id="author" placeholder="${I18n.system_please_input}${I18n.jobinfo_field_author}" >
                     </div>
                 </div>
 	            <div class="col-xs-1">