AJAX, Html Encoding, and hash symbol not working properly (C# and JQuery)
I have a textbox that takes in a vartitle and generates that vartitle into an HTML encoded variable that is passed into my url for ajax.
Here is an example of my string of parameters passed to my ajax call:
method=savecat&templatename=percentdistribution&dropzone=Column_1&datasetid=31&subjectid=28&varnumber=1155&origin=&codes=1@0@&values=Satisfied%20with%20job%20overall@Not%20satisfied%20with%20job%20overall@&vartitle=%26%23&missingvalues=-3,-7,-9
As you can see at the end, vartitle=%26%23.
For the example above, I typed &# into my textbox. That sequence of &# does something to break my ajax call. If I type anything else, the ajax works perfectly.
What am I missing?
My ajax call is below:
    function SendAjax(webPageName, queryParams, triggerFunction)
    {
        alert(queryParams); //is the string mentioned above
        alert(webPageName); //is the valid page name: BGPPS.aspx
        var date = new Date();
        var unique = date.getDay() + date.getHours() + date.getMinutes() + date.getSeconds() + date.getMilliseconds();
        $.ajax(
        {
            type: "POST",
            url: webPageName,
            data: queryParams+'&'+unique,
            success: triggerFunction
        });
    }
You need to URLEncode the values of parameters if they are taken from user input that could contain these characters; those are special characters in a URL and have control meaning.
See this Stack Overflow question on how to do that: Encode URL in JavaScript?
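An added example (not part of the original question or answers) showing what a form decoder recovers from the question's request body when the `vartitle` value is concatenated raw versus percent-encoded. `buildBody`, `parseBody` and `compare` are hypothetical helper names, and the shortened parameter list is constructed sample input.

```javascript
// Build an application/x-www-form-urlencoded body, encoding every key and value.
function buildBody(params) {
  return Object.keys(params)
    .map(function (k) {
      return encodeURIComponent(k) + "=" + encodeURIComponent(params[k]);
    })
    .join("&");
}

// Decode a body the way a form parser does:
// split on "&", split each pair on "=", then percent-decode.
function parseBody(body) {
  var out = {};
  new URLSearchParams(body).forEach(function (value, key) {
    out[key] = value;
  });
  return out;
}

// Compare raw concatenation with per-value encoding for one user-supplied title.
function compare(userInput) {
  // Raw: the "&" in the input is read as a parameter separator.
  var rawBody = "varnumber=1155&vartitle=" + userInput + "&missingvalues=-3,-7,-9";
  // Encoded: "&" becomes %26 and "#" becomes %23, so the value stays in one piece.
  var encodedBody = buildBody({
    varnumber: "1155",
    vartitle: userInput,
    missingvalues: "-3,-7,-9"
  });
  return {
    rawBody: rawBody,
    encodedBody: encodedBody,
    rawParsed: parseBody(rawBody),
    encodedParsed: parseBody(encodedBody)
  };
}

var result = compare("&#"); // constructed sample: the input from the question
console.log(result.rawParsed);     // vartitle is empty and a stray "#" key appears
console.log(result.encodedParsed); // vartitle is "&#" again after decoding
```

In both cases the server works with decoded values, so a correctly encoded `%26%23` still reaches the page as `&#`; encoding prevents parameter splitting but does not change what server-side input validation inspects.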
Edit: By default, ASP.Net doesn't allow posts that look like they could be XSS attacks. Apparently ASP.Net thinks &# can be used in XSS attacks. You can disable this behavior for a given page by adding ValidateRequest="false" to your @Page directive:
    <%@ Page Language="C#" ... ValidateRequest="false" %>
That should solve it for you.
My original answer:
Don't worry about encoding the arguments. Let jQuery encode your POST arguments by passing it a map of the key value pairs that you want submitted:
    $.ajax({
        type: "POST",
        url: webPageName,
        data: {
            method: "savecat",
            templatename: "percentdistribution",
            dropzone: "Column_1",
            datasetid: "31",
            subjectid: "28",
            varnumber: "1155",
            origin: "",
            codes: "1@0@",
            values: "Satisfied with job overall@Not satisfied with job overall@",
            vartitle: "&#",
            missingvalues: "-3,-7,-9"
        },
        success: triggerFunction
    });
I think jQuery will do it for you. Just give it an object.
    $.ajax({
        type: "POST",
        url: webPageName,
        data: {var1: 'foo', var2: 'bar'},
        success: triggerFunction
    });