Please go to http://admin-demo.nopcommerce.com/Admin/Product/Edit/11 -> Specification attributes tab -> press edit on Screensize attribute -> change 'Show on product page' or 'Display order' options -> press Update -> error happens.
In debug the server response:
A potentially dangerous Request.Form value was detected from the client (ValueRaw="10.0''").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ValueRaw="10.0''").
Source Error:
Line 7: public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
Line 8: {
-->Line 9: var model = base.BindModel(controllerContext, bindingContext);
Line 10: if (model is BaseNopModel)
Line 11: {