Thus, the default controllers created for you in Grails will return a message to the user, letting them know that something has been inserted / edited successfully. By default, we return the identifier of the inserted thing, domainClassInstance.id at the end of the next line
flash.message = "${message(
code: 'default.updated.message',
args: [
message(code: 'domainclass.label', default: ''),
domainClassInstance.id
])}"
The obvious improvement that needs to be made in your real application is to change it for the name / name of the object in question, i.e.
flash.message = "${message(
code: 'default.updated.message',
args: [
message(code: 'domainClass.label', default: ''),
domainClassInstance.name
])}"
XSS, "" . , , , , .encodeAsHTML() ? .
,