I am working on .NET 4.0 MVC project. I am trying to Ajax post a piece of data from my KO model. That data is a string in following XML format. <SearchCriteria><Criteria SearchOn="Name" SearchValue="test 3" /></SearchCriteria> Code (markup): I am trying to post it like this. $.ajax({ url: destUrl, data: ko.toJSON(DataToPost()), type: "POST", success: function (result) { // I am doing my stuff here. } }, error: function (request, textStatus, errorThrown) { alert(request.statusText); } }); Code (markup): Here you will notice the data being sent is "ko.toJSON(DataToPost())". DataToPost() returns the XML string contained in my KO model data member DataToPost. ko.toJSON() is used to convert the KO model data in JSON. This throws a runtime exception which is normally thrown when we post anything containing javascript or html tags. This is a security feature by .NET. Following is the exception. A potentially dangerous Request.Form value was detected from the client. <SearchCriteria><Criteria SearchOn="...est 3\" /></SearchCriteria> Code (markup): I faced similar situation sometimes back (though I was not using KO that time and it was normal post i.e. non Ajax). I overcame the problem that time by using javascript escape() but this time it failed. I used it as follows $.ajax({ url: destUrl, [B]data: ko.toJSON(escape(SearchCriteria()))[/B], type: "POST", success: function (result) { // I am doing my stuff here. } }, error: function (request, textStatus, errorThrown) { alert(request.statusText); } }); Code (markup): Other popular fix is to disable this security either at page level or at application level. It could be done as follows. Page level. <%@ Page validateRequest="false" %> Code (markup): Application level. <configuration> <system.web> <pages validateRequest="false" /> </system.web> </configuration> Code (markup): But doing away with this security is not good. I don't think it will be a wise move. Right now I don't know what to do. Need suggestions. Thanks in advance!
I realized that it is difficult to serialize an XML formatted string hence instead of XML formatted string I decided to post List of Key value pair instead. This approach is working fine.