Gridview Postback data triggering XSS attack rule in firewall

I have gridview data that have some contents in html. Problem is when the data is sent back for postback, the firewall is triggering XSS rule. What’s the best way to handle this.

I don’t know, it seems like a misconfigured WAF to me. I guess you might be able to workarounding by marking the property with HTML content as [Bind(Direction.ServerToClient)].

Most of the HTML Content are binded to Gridviews. Also can’t mark Gridview as [Bind(Direction.ServerToClient)]. as it needs the postback data for sorting and paging.

Well, I though you could mark as ServerToClient the single property with HTML content. If you need the HTML content back on the server, there logically aren’t many more options than reconfiguring the WAF. Although, if you are relying the HTML content from the client, I’d understand if your security would get quite nervous