To avoid the HttpRequestValidationException Exception you' ll have to set the flag validateRequest in the page directive .
<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>
Ofcourse there is a downside. When you disable the validation you will have to prevent script injection yourself. Just don't forget to encode your html code and querystrings.
This can be done by using the following code snippet:
string safeFormFieldName = Server.HtmlEncode(formFieldName);
string safeQuery = Server.UrlEncode(fulfillmentFormName);
The .NET framework will escape the illegal characters like < ' >. It will replace the character < with <
The browser will correctly interpret the < and decode the character to <.