Form Save Fails in Native UI When Pasting PoC/Exploit-Like Text into a String Field
13 hours ago
Hi All,
We are facing a strange issue in Native UI on the Incident table.
We have a custom field:
- Table: incident
- Field: u_steps_to_reproduce (String, max length around 8000)
When users paste technical content into this field—for example security PoC details, exploit reproduction steps, HTTP request/response data, or XML content like <!DOCTYPE> or <!ENTITY>—and then click Save or Update, the record does not save.
After clicking Save/Update, the browser shows a generic error like:
“It looks like the webpage at https://atyourserviceportal.service-now.com/incident.do might be having issues, or it may have moved permanently to a new web address.”
The changes are lost, and the incident is not updated.
This happens even when the text is about 7000 characters, which is below the field’s 8000‑character limit, so it does not seem to be a length issue.
If we remove certain parts of the text (for example <!DOCTYPE, <!ENTITY, or similar strings), the record saves successfully.
Based on our testing, it looks like the request may be getting blocked before ServiceNow processes it, possibly due to:
- a WAF or reverse proxy
- security filtering that detects exploit‑like or XXE‑style patterns in the request payload
What we’ve checked so far:
- The form submission is a normal POST to incident.do with application/x-www-form-urlencoded
- The issue is fully reproducible with specific PoC‑type content
- Server‑side Business Rules may not help if the request never reaches the ServiceNow instance
Has anyone faced a similar issue, or found a recommended way to handle this kind of content in ServiceNow?
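
The manual "remove parts until it saves" test described in the post can be made systematic. The following is an added example, not part of the original post: a delta-debugging reduction that shrinks pasted text to the smallest set of lines still rejected, which is the evidence a WAF or proxy owner needs to tune a rule. `stand_in_filter`, `minimize_trigger` and `SAMPLE` are hypothetical names, and the filter is a constructed stand-in that flags only the `<!DOCTYPE` and `<!ENTITY` markers named above.

```python
import re

# Constructed stand-in for the upstream filter (assumption): flags the
# XXE-style markers named in the post. In real use, swap in a function that
# reports whether saving `text` to a test record was rejected.
XXE_MARKERS = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def stand_in_filter(text):
    return bool(XXE_MARKERS.search(text))

def minimize_trigger(lines, is_blocked):
    """Delta-debugging reduction: smallest subset of lines still blocked."""
    if not is_blocked("\n".join(lines)):
        raise ValueError("input is not blocked, nothing to minimize")
    n = 2  # number of chunks the text is currently split into
    while len(lines) >= 2:
        chunk = max(1, len(lines) // n)
        subsets = [lines[i:i + chunk] for i in range(0, len(lines), chunk)]
        reduced = False
        for i, subset in enumerate(subsets):
            rest = [l for j, s in enumerate(subsets) if j != i for l in s]
            if is_blocked("\n".join(subset)):        # one chunk alone triggers
                lines, n, reduced = subset, 2, True
                break
            if rest and is_blocked("\n".join(rest)):  # chunk i is irrelevant
                lines, n, reduced = rest, max(n - 1, 2), True
                break
        if not reduced:
            if n >= len(lines):   # already at single-line granularity
                break
            n = min(len(lines), n * 2)
    return lines

# Constructed sample of pasted "steps to reproduce" text (not real data).
SAMPLE = [
    "1. Log in as a standard user.",
    "2. Send the request below to the upload endpoint.",
    "POST /upload HTTP/1.1",
    "Content-Type: application/xml",
    '<?xml version="1.0"?>',
    "<!DOCTYPE note>",
    "3. Observe the parser error in the response.",
]

if __name__ == "__main__":
    print(minimize_trigger(SAMPLE, stand_in_filter))
```
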
