In my ASP.NET MVC 5 app, I'm reading some data from a form, then making a jQuery ajax call to an action method in the backend to save it into my database.
In the form, if I enter some text with HTML tags in it, I'm getting an error because of the HTML tags. I'm getting the standard "...potentially dangerous..." error.
I'm sanitizing the data in the back end using GetSafeHtmlFragment() but the error is generated as soon as the data reaches my action method.
What is the correct way to send data to my action method from a client-side script, e.g. a jQuery ajax call? Do I first HTML encode the data in my, say, JS event handler, then send it to my action method?
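
An added example, not part of the original post: ASP.NET request validation runs while the form values are bound to the action's parameters, before the action body and its `GetSafeHtmlFragment()` call execute, so one server-side option is to exempt only the HTML-carrying property with `[AllowHtml]` and sanitize it as the first step. The model, controller and action names are hypothetical, and the code assumes the AntiXSS library (`Microsoft.Security.Application`) is the source of `GetSafeHtmlFragment()`.

```csharp
using System.Web.Mvc;
using Microsoft.Security.Application; // AntiXSS library (assumed): Sanitizer.GetSafeHtmlFragment

// Hypothetical model bound from the form fields sent by the ajax call.
public class CommentInput
{
    // Still covered by request validation: markup here is rejected as before.
    public string Title { get; set; }

    // Request validation is skipped for this one property only,
    // so raw HTML reaches the action and must be sanitized there.
    [AllowHtml]
    public string Body { get; set; }
}

// Hypothetical controller and action names.
public class CommentsController : Controller
{
    [HttpPost]
    public ActionResult Save(CommentInput input)
    {
        if (input == null || string.IsNullOrWhiteSpace(input.Body))
        {
            return new HttpStatusCodeResult(400, "Body is required");
        }

        // Sanitize on the server before the value is stored or echoed.
        // Encoding in the browser is not a substitute: any client can
        // post to this action directly and skip the page's script.
        string safeBody = Sanitizer.GetSafeHtmlFragment(input.Body);

        if (string.IsNullOrWhiteSpace(safeBody))
        {
            // Everything was stripped, so there is nothing safe to keep.
            return new HttpStatusCodeResult(400, "Body contained no allowed content");
        }

        // Persist safeBody here; only the sanitized value leaves this method.
        return Json(new { saved = true, body = safeBody });
    }
}
```

Scoping the exemption to a single property keeps request validation active for every other field, unlike `[ValidateInput(false)]` on the action, which turns it off for the whole request.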