UIDL containing HTML gets blocked by firewall


I am facing a problem with a TextField (Vaadin 7.3.3) having a user input containing HTML tags. This is recognised by our (web application) firewall as XSS and gets blocked. Here is the UIDL POST request:

POST /admin/v1/UIDL/?v-uiId=0 HTTP/1.1 Host: some.server.com Connection: keep-alive Content-Length: 174 Origin: https://some.server.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36 Content-Type: application/json; charset=UTF-8 Accept: */* Referer: https://some.server.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: AL_SESS-S=AAABLs2qH_JhNTJiNzkyNzg0Y2YzNmZjZWQxMDViNDY0ODgzZjNlMQAAKfkkVjRg4fiA6HX3DJzfoGo4i!0= {"csrfToken":"f26c6fd9-a3ba-4d01-9644-953f6d8fef9d", "rpc":[["83","v","v",["c",["i","0"] ]],["84","v","v",["text",["s","<html>"] ]],["84","v","v",["c",["i","6"] ]]], "syncId":8 Please note the snippet in the JSON.

Is there any way to work around this? I would prefer to solve this by Vaadin means and not by changing the firewall rules making the application dependant from the environment.

Thanks in advance and kind regards