ASP.NET 1.1 automatically validates input posted to the server against a list of potentially dangerous strings (the values are hard-coded, unfortunately, it would have been nice to be able to edit this list). For example, by default it prevents the user to submit text that contains “