I'm getting the following error when I post back with the RadEditor
A potentially dangerous Request.Form value was detected from the client (step1RadEditor$ctl00="...asdf a sdf<
>").Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. <
This issue has already been discussed in this Post
5 years ago but I'm not satisfied with its solution (ie: setting ValidateRequest to false). Why can't RadEditor just HTML encode its value(s) before POSTing it to the server so it wont trigger ASP.NET's alarm?
Is there a better work around?