This is almost certainly a ModSecurity configuration problem on your hosting. It's been set up to block requests too aggressively, possibly being triggered by the WYSIWYG editor (i.e. blocking any form request that contains HTML).

Talk to your webhost and they should be able to turn off or reconfigure ModSecurity.

It is possible it might also relate to URL schemes. I've had similar issues on my v10 install but it happens with the /pg/ scheme, not the raw scheme. Have not tested on .htm or super simple schemes.

Also worthy to note the issue is not present on v11-alpha