C# – Potentially dangerous Request.QueryString value was detected from the client

ajaxasp.net-mvcc

So, I know WHY this happens but just unsure the best way to go about fixing it.
The application I am using has a ViewModel and binds/maps the properties from a Model.

This VM is then bound to the View and using the @Html.TextBox() helper.

This is an example: The actual text value from the DB is:

"Université de Montréal"

The rendered output on the HTML in the DOM is:

<input class="validate" id="EmployerName" name="EmployerName" type="text" value="Universit&amp;#233; de Montr&amp;#233;al" />

Now, once the page has been loaded, it does an AJAX GET call by serializing the form and sending that across.

At this point, it DOES hit the controller (because I have the [ValidateRequest(false)] attribute applied to that controller action, but I then get the error:

A potentially dangerous Request.QueryString value was detected from the client (employername="Universit&#233; de Montr&#233..."). 

At this point, I am stuck as to what to do to fix the problem and let the request process normally.
I know by adding the in the web.config fixes it, I do not want to change it site wide.

any ideas the best thing to do to allow this request to process as normal?

Controller action:

[ValidateInput(false)] 
[OutputCache(NoStore = true, Duration = 0)]
public ActionResult GetMoreData(Criteria crit)
{
...
}

Best Answer

So, I managed to fixed this.

When using the MVC TextBoxFor, it automatically encoded the string (which is nice).

Adding the [ValidateInput(false)] attribute to the controller action works to the point where it can call the action method. I then simply did an HtmlDecode ON SAVE. On load, I simply HtmlEncode the string.

Not the best solution if you have a lot of properties being displayed to the user but it works.