We have a document management system here. A user keys-in text into a textarea to submit to a DB. Later on another user reads and/or modifies the stored text in a textarea of a html page. So in the reading or modifying page, the stored text will be preloaded into the textarea as its initial value. For example, in JSP:
<textarea><%= aTextString %></textarea>
When the user-entered text contains a html tag, for example, a textarea ending tag, there will be a problem for the reading and modifying page. One may suggest a text replacement be applied to escape the tags, but for our case it's important to keep anything intact (display may not be as critical, but recall that the displayed text may be subjected to user modification).