Hi, hoping someone can help with this issue.

F5 WAF suggested that the parameter "text" should be "XML value". I agreed and and I'm using the default XML content profile.

However the actual value looks like HTML code to me, which is not an option anywhere AFAIK. Mostly there are no issues, except for some special situations like this particular request that contains "(" and ")" characters in the value.

As a result I'm getting an error:

The request looks very similar to the one below:

POST /aaa/bbb HTTP/1.1
Host: aaa.bbb.org
Connection: keep-alive
Content-Length: 00000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://aaa.bbb.org
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://aaa.bbb.org
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ************
X-Forwarded-For: 1.1.1.1

text=<b>aaa+aa.+11111+aa+aaaaaaa+111+1111+</b>(<a+href="https://www.ccc.org/ddd/111/ppp.pdf">aaaa11.222</a>+-+oooooooooo)+(eeeeeeeee+jjjjjjjjjj+1,+2222)
&input_format=full_html&token=xxxxxxxxxxxx

Is there any way to tweak the XML content profile to make this work, or should I switch the parameter to user-input/alphanumeric and add the HTML meta characters as allowed?