A potentially dangerous Request.QueryString value was detected from the client when sending html markup from jquery post call to asp.net page

If this is ASP.NET 4, there was a breaking change with ValidateRequest. See this StackOverflow question for more information on requestValidationMode.

There's already a good answer for this, and here i'll provide the information so that you don't have to click through links.

When running ASP.NET 4.0, you will need to set the following in your web.config file RequestValidationMode="2.0".

What is this property for?

A value that indicates which ASP.NET version-specific approach to validation will be used. The default is 4.0.

So what are the possible values?

• 4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any
  HTTP request data is accessed. This guarantees that the request
  validation is triggered before data such as cookies and URLs are
  accessed during the request. The request validation settings of the
  pages element (if any) in the configuration file or of the @ Page
  directive in an individual page are ignored.

• 2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

If you want to add a custom validation logic for one particular ASP.NET page or for one or more query string parameters without setting ValidateRequest="false" for entire page - the following "hacky" solution could be useful:

public partial class MyPage : System.Web.UI.Page{    private string SomeUnvalidatedValue { get; set; }    public override void ProcessRequest(HttpContext context)    {        var queryString = context.Request.QueryString;        var readOnly = queryString.GetType().GetProperty("IsReadOnly",            System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);        readOnly.SetValue(queryString, false);        var unvalidatedValue = context.Request.Unvalidated.QueryString["SomeKey"];        // for RequestValidationMode="2.0"        //var unvalidatedValue = context.Request.QueryString["SomeKey"];        // custom logic goes here        // you could store unvalidated value here and then remove it from the query string        SomeUnvalidatedValue = unvalidatedValue;        queryString["SomeKey"] = string.Empty;        // or just remove all "potentially dangerous" symbols, for example        if (!string.IsNullOrEmpty(unvalidatedValue))        {            queryString["SomeKey"] = Regex.Replace(unvalidatedValue,                "(\\<+[a-z!/\\?])|(&\\#)", new MatchEvaluator((m) =>                {                    return m.Value.Replace("<", string.Empty).Replace("&#", string.Empty);                }), RegexOptions.IgnoreCase);        }        readOnly.SetValue(queryString, true);        // keep other request validation logic as is        base.ProcessRequest(context);    }}

The regular expression made as result of this ASP.NET method analyzing: CrossSiteScriptingValidation.IsDangerousString

Code tested with .NET 4.5.2, IIS integrated mode, with and without RequestValidationMode="2.0".