Survey submissions fail with "Failed to submit. Field {fieldName} has invalid HTML content" or "Unable to apply edits"

Error Message

When submitting an ArcGIS Survey123 survey record, the submission fails with the following error messages:

• “Failed to submit. Field {fieldName} has invalid HTML content.”
• “Unable to apply edits.”

This error occurs when the submitted value contains HTML-like characters, such as < or >.

Cause

The feature service has cross-site scripting (XSS) prevention enabled. The input content is validated based on the service’s xssPreventionInfo configuration. If the submission contains HTML-like input that is not allowed, the feature service rejects the edit and returns the error.

Solution or Workaround

Update the feature service’s xssPreventionInfo settings to allow or sanitize HTML-like input:

• Keep XSSPreventionEnabled as true and set xssInputRule to sanitizeInvalid. This sanitizes invalid HTML content instead of rejecting the submission
• Set xssPreventionEnabled to false to disable XSS prevention.

Warning:
Disabling XSS prevention can introduce security risks. Only do this in trusted environments and when you fully understand the security implications.

If only certain fields are necessary to accept HTML-like content, configure the feature layer’s xssTrustedFields so these fields are treated as trusted and excluded from the XSS filtering behavior.

Warning:
Marking fields as trusted can increase security risk. Only trust fields when you understand the impact and the data source is trusted.