Your problem will be that you are sending back to the ASP.NET page where request validation is enabled. Essentially, the tinymce HTML will contain angle brackets and that (among other things) will disable ASP.NET security checking features (which tries to catch cross-site scripting attacks). You can disable request validation on an ASP.NET page.
Disabling query verification on a page using the page directive:
<%@ Page validateRequest="false" %>