To send some data to code behind you have two methods. The Post and the Get.
The one is to send data with post back - meaning that you need to add them inside a hidden or other input control that send them with post.
The other is to add them to the url, as parameters.
Both of this methods can be used with ajax call. So select one and send your data to code behind.
About the message:
Request Validation: html code in an input field
This is security measure for general purpose, in your case if you know that you going to send html code on code behind, and you know how you control that, simple disabled it and do not worry - just be careful what you going to render later.
From MSDN Request Validation in ASP.NET:
This can be a problem if you want your application to accept HTML markup. For example, if your site lets users add comments, you might want to let users perform basic formatting using HTML tags that put text in bold or italics. In cases like these, you can disable request validation and check for malicious content manually, or you can customize request validation so that certain kinds of markup or script are accepted
Update
example code that works: Main page
<head runat="server">
<title></title>
<script type="text/javascript">
window.callback = function (doc) {
doc.getElementById('SendBack').value = escape("<b>send me back</b>");
}
function openWindow() {
var mywindow = window.open("Page2PopUp.aspx");
}
</script>
</head>
<body>
<form id="form1" runat="server">
<a href="#" onclick="openWindow();return false">open pop up</a>
</form>
</body>
</html>
PopUp Page
<head runat="server">
<title></title>
<script type="text/javascript">
function GetDataBack() {
window.opener.callback(document);
}
</script>
</head>
<body >
<form id="form1" runat="server">
<div>
<input id="SendBack" name="SendBack" value="" type="hidden" />
<asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" OnClientClick="GetDataBack()" />
<asp:Literal runat="server" ID="txtDebugCode"></asp:Literal>
</div>
</form>
</body>
</html>
and read it :
protected void Button1_Click(object sender, EventArgs e)
{
txtDebugCode.Text = Server.UrlDecode(Request.Form["SendBack"]);
}