A potentially dangerous Request.Form value was detected from the client

Question

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don\'t want to go

Answer 1

You could also use JavaScript's escape(string) function to replace the special characters. Then server side use Server.URLDecode(string) to switch it back.

This way you don't have to turn off input validation and it will be more clear to other programmers that the string may have HTML content.