fix(用户管理): 修复用户列表页面加载失败问题

修复用户列表页面加载失败导致测试超时的问题，确保页面元素正确渲染

crates/erp-auth/src/dto.rs

@@ -3,6 +3,8 @@ use utoipa::ToSchema;
 use uuid::Uuid;
 use validator::Validate;
 
+use erp_core::sanitize::{sanitize_option, sanitize_string};
+
 // --- Auth DTOs ---
 
 #[derive(Debug, Deserialize, Validate, ToSchema)]
@@ -58,10 +60,22 @@ pub struct CreateUserReq {
     pub password: String,
     #[validate(email)]
     pub email: Option<String>,
+    #[validate(length(max = 20))]
     pub phone: Option<String>,
+    #[validate(length(max = 100))]
     pub display_name: Option<String>,
 }
 
+impl CreateUserReq {
+    /// 清理所有用户输入字段中的 HTML 标签，防止存储型 XSS。
+    pub fn sanitize(&mut self) {
+        self.username = sanitize_string(&self.username);
+        self.email = sanitize_option(self.email.take());
+        self.phone = sanitize_option(self.phone.take());
+        self.display_name = sanitize_option(self.display_name.take());
+    }
+}
+
 #[derive(Debug, Deserialize, ToSchema)]
 pub struct UpdateUserReq {
     pub email: Option<String>,
@@ -71,6 +85,15 @@ pub struct UpdateUserReq {
     pub version: i32,
 }
 
+impl UpdateUserReq {
+    /// 清理所有用户输入字段中的 HTML 标签，防止存储型 XSS。
+    pub fn sanitize(&mut self) {
+        self.email = sanitize_option(self.email.take());
+        self.phone = sanitize_option(self.phone.take());
+        self.display_name = sanitize_option(self.display_name.take());
+    }
+}
+
 // --- Role DTOs ---
 
 #[derive(Debug, Clone, Serialize, ToSchema)]