
Swedish characters giving potentially dangerous request.form value error on Ajax call

I am calling a controller function from Ajax in my view

$.ajax({
    type: "POST",
    url: "@Url.Action("GetSelectedItemsForRoleId","User")",
    data: { optionLabel: '@CommonResource.DropdownNoValueText', optionValue: null, selectedValue: null, filterValue: 0 },
    success: function (result) {
        alert('success');
        var departmentDropdown = $('#RoleId').data("DropDownList");
        departmentDropdown.setDataSource(result);
    },
    error: function(XMLHttpRequest, textStatus, errorThrown)
    {
        alert('XMLHttpRequest ' + XMLHttpRequest);
        alert('textStatus ' + textStatus);
        alert('errorThrown ' + errorThrown);
        //some stuff on failure
    },
    dataType: "json",
    traditional: true,
    async: false
});  

CommonResource.DropdownNoValueText is -Välj-

I get the following error in the failure block:

potentially dangerous request.form value was detected from the client

My controller signature looks like this:

public ActionResult GetSelectedItemsForRoleId(string optionLabel, string optionValue, string selectedValue, int filterValue)  

I tried to put the ValidateInput annotation above this function and set it to false.
After doing that, the string appears as -V&#228;lj-.
What is the cause of this, and how can I derive the original text, i.e. -Välj-?

Update:
I have further tried two things:

  1. I replaced @CommonResource.DropdownNoValueText directly with -Välj-. Now I don't get any error. (But this isn't the correct solution, as this won't resolve the linguistic feature.)
  2. I replaced DropdownNoValueText in CommonResource with something else like eee, which also does not give an error. (But even this isn't the solution.)

I had a similar problem with both Swedish and Spanish characters. We used the method HttpUtility.JavaScriptStringEncode, which encoded characters from strings and caused an ampersand followed by a hash symbol (like in your example):

puntuaci&#243;n

The solution was to change the default encoder used by classes HtmlUtility so that they do not use the default encoder (HtmlEncoder) but rather AntiXssEncoder, which seems to be doing a better job since it doesn't try to encode characters such as special Swedish or Spanish characters, so no error is thrown.

I guess the AntiXssEncoder encoder understands these characters are harmless and doesn't try to encode them. This change is in the config file and probably has a global effect:

<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder"/>

Just to add some information about the root cause of the situation: an unsuccessful attempt at resolving this issue was to use HttpUtility.HtmlEncode, which changed the string to:

puntuaci&amp;#243;n

so that &amp; was used instead of &, which resolved the problem but caused other unwanted side effects.
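
An added illustration, not part of the original question or answer and not ASP.NET code: a JavaScript model of why the HTML-encoded label trips request validation once it is posted from a script string literal, while a JavaScript-escaped literal posts the original text. All function names are hypothetical, and the encoder and the validation check are simplified models based on the strings shown on this page.

```javascript
// Added illustration. All function names are hypothetical models, not ASP.NET APIs.

// Simplified model of the default HTML encoder as seen on this page:
// markup characters become named entities, U+00A0..U+00FF become &#NNN;.
function htmlEncodeDefault(s) {
  const named = { '<': '&lt;', '>': '&gt;', '&': '&amp;', '"': '&quot;' };
  let out = '';
  for (const ch of s) {
    const cp = ch.codePointAt(0);
    if (named[ch]) out += named[ch];
    else if (cp >= 160 && cp <= 255) out += '&#' + cp + ';';
    else out += ch;
  }
  return out;
}

// Simplified model of request validation: rejects "&#" and "<" followed by
// a letter, "!", "/" or "?".
function looksDangerous(s) {
  return /&#|<[A-Za-z!\/?]/.test(s);
}

// Escaping for a JavaScript string-literal context: \uXXXX escapes, no entities.
function jsStringEscape(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const cu = s.charCodeAt(i);
    const ch = s[i];
    if (ch === '\\') out += '\\\\';
    else if (cu < 0x20 || cu > 0x7e || '\'"<>&'.includes(ch))
      out += '\\u' + cu.toString(16).padStart(4, '0');
    else out += ch;
  }
  return out;
}

// What the script ends up posting: the value of the string literal whose body
// the server rendered. <script> content is not entity-decoded by the browser.
function postedValue(literalBody) {
  return JSON.parse('"' + literalBody + '"');
}

const label = '-Välj-'; // constructed sample: the resource value from the question
console.log(postedValue(htmlEncodeDefault(label)), looksDangerous(postedValue(htmlEncodeDefault(label))));
console.log(postedValue(jsStringEscape(label)), looksDangerous(postedValue(jsStringEscape(label))));
```

In this model the double-encoded form from the answer (`puntuaci&amp;#243;n`) also passes the check, but the value that arrives is not the original text.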
