ASP.NET does not allow any HTML (basically a list of potentially dangerous values) in a Querystring or Form field value by default. This is set by the @Page directive's ValidateRequest attribute (true by default).
You could turn the feature off, but it will open you up to XSS attacks. The better method is to make sure that all your querystrings are properly URL-encoded.
In your case, it appears to be the </div> tag that is causing the problem. If this querystring is being created via JavaScript, I would suggest the use of the encodeURIComponent() function to encode values.
Cerebrus
2009-05-18 09:16:51
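An added example (not part of the original answer) of the encodeURIComponent() approach suggested above: it builds a query string from key/value pairs and compares the parsed result with plain string concatenation. The function names and sample values are constructed for illustration.

```javascript
// Added example; buildQuery, naiveQuery and parseQuery are hypothetical helpers.

// Encode every key and value so characters such as < > / & = ? # cannot
// change the structure of the query string.
function buildQuery(params) {
  return Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(String(v)))
    .join("&");
}

// The pattern to avoid: raw concatenation without encoding.
function naiveQuery(params) {
  return Object.entries(params).map(([k, v]) => k + "=" + v).join("&");
}

// Minimal parser that mirrors what a server does: split on "&", split each
// pair on the first "=", then percent-decode both halves.
function parseQuery(qs) {
  const out = {};
  for (const pair of qs.split("&")) {
    if (!pair) continue;
    const i = pair.indexOf("=");
    const k = i < 0 ? pair : pair.slice(0, i);
    const v = i < 0 ? "" : pair.slice(i + 1);
    out[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  return out;
}

// Constructed sample input: an HTML fragment and a URL used as values.
const sample = { html: "<b>a&b</b></div>", next: "/list?page=2#top" };

const encoded = buildQuery(sample);
const broken = naiveQuery(sample);

console.log(encoded);
console.log(parseQuery(encoded)); // both values round-trip unchanged
console.log(parseQuery(broken));  // "html" is cut off at the raw "&"
```

Encoding keeps the URL well-formed. The server decodes each value before the application reads it, so the original characters arrive intact on the other side.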