Posting on behalf of User:Dispenser:
When POSTing data from the Toolserver to foundation wikis the cross-domain POSTing triggers the XSS Filter in Internet Explorer 8 and 9.  When the filter is triggered, usually with a Preview or Diff, it sanitatises the edit box of many non-alphanumeric characters as seen in . A regular user is unaware the edit box's contents were changed from those present in the diff. Additionally, earlier flaws in the mangling heuristics introduced a "universal XSS" venerability. 
The suggested solution is disalbing the filter by setting the HTTP header X-XSS-Protection: 0 when submitting a form.