This was definitely one of those facepalm moments, where you spend a couple of hours beating on an issue then find out it's one line of code - so hopefully folks googling the same things I did will hit on this and have a solution. Short version - if you need to HTTP post to your controller from an HTML form, and one of your fields has embedded HTML text (in my case, it was a nifty WYSIWYG text editor), you will get a very nasty error that looks something like this: A potentially dangerous Request.Form ......