1. Add the following to the existing Page directive on the relevant pages.
2. Add the following to the Web.config within the <system.web> section (globally disable request validation). This will allow users to enter HTML into controls which could be harmful or result in undesirable consequences.
<pages validateRequest="false" />
3. Unless you need users to be able to enter HTML into a form, make sure all HTML displayed in controls is encoded.
lblText.Text = HttpUtility.HtmlEncode( lblTest.Text );