Do you need to validate a textarea against XSS injections?
I have a textarea on a reg form and have tried entering data wrapped in h1 tags for a test, but when I look at the output in the admin area, the textarea displays <h1>test words</h1>.
I would have expected it to display a REALLY big 'test words' if it was vulnerable, as the h1 tags would get parsed and would also disappear... I kind of don't know what to look for.
Any ideas?