Index: modules/html/html.man
==================================================================
--- modules/html/html.man
+++ modules/html/html.man
@@ -1,7 +1,7 @@
 [comment {-*- tcl -*- doctools manpage}]
-[vset HTML_VERSION 1.4.3]
+[vset HTML_VERSION 1.4.4]
 [manpage_begin html n [vset HTML_VERSION]]
 [see_also htmlparse]
 [see_also ncgi]
 [keywords checkbox]
 [keywords checkbutton]
Index: modules/html/html.tcl
==================================================================
--- modules/html/html.tcl
+++ modules/html/html.tcl
@@ -13,11 +13,11 @@
 #
 # Originally by Brent Welch, with help from Dan Kuchler and Melissa Chawla
 package require Tcl 8.2
 package require ncgi
-package provide html 1.4.3
+package provide html 1.4.4
 namespace eval ::html {
 # State about the current page
@@ -910,11 +910,11 @@
 #
 # Results:
 # The html fragment
 proc ::html::textarea {name {param {}} {current {}}} {
- ::set value [ncgi::value $name $current]
+ ::set value [quoteFormValue [ncgi::value $name $current]]
 return "<[string trimright \
 "textarea name=\"$name\"\
 [tagParam textarea $param]"]>$value\n"
 }
Index: modules/html/html.test
==================================================================
--- modules/html/html.test
+++ modules/html/html.test
@@ -451,10 +451,22 @@
 ncgi::reset info=[ncgi::encode "The textarea value."]
 ncgi::parse
 html::textarea info
 } {
 }
+
+test html-23.3 {html::textarea, dangerous input} {
+ html::init {
+ textarea.cols 50
+ textarea.rows 8
+ }
+ ncgi::reset info=[ncgi::encode ""]
+ ncgi::parse
+ html::textarea info
+} {
+}
+
 test html-24.1 {html::submit} {
 catch {html::submit}
 } {1}
Index: modules/html/pkgIndex.tcl
==================================================================
--- modules/html/pkgIndex.tcl
+++ modules/html/pkgIndex.tcl
@@ -1,2 +1,2 @@
 if {![package vsatisfies [package provide Tcl] 8.2]} {return}
-package ifneeded html 1.4.3 [list source [file join $dir html.tcl]]
+package ifneeded html 1.4.4 [list source [file join $dir html.tcl]]
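Review bot: In the `::html::textarea` hunk of modules/html/html.tcl, the new `quoteFormValue` call escapes the element content, but `$name` is still interpolated raw into `name=\"$name\"` two lines below. If a field name can ever be derived from request data it could still break out of the attribute, so the emitted copy should be quoted as well, e.g. `"textarea name=\"[quoteFormValue $name]\"\`, while the `ncgi::value` lookup keeps the raw name. The call also wraps the `current` default, so a caller that already passes an HTML-escaped default will now get it double-encoded. The proc's header comment (it starts outside the hunk) should say so, for example `# The value (CGI or default) is HTML-quoted before it is emitted.`, and html.man would benefit from the same sentence.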
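Review bot: Test html-23.3 in modules/html/html.test exercises only the CGI-value path, so the `current` default that the fix also routes through `quoteFormValue` has no regression test. As rendered on this page the argument to `ncgi::encode` and the expected result are empty, so it is not visible which characters the test pins. I would add a sibling case that clears the CGI state with `ncgi::reset` and calls `html::textarea info {} $default`, where the default contains `<`, `>`, `&` and `"`, and asserts the fully escaped output. That keeps both input paths covered if the quoting is ever moved or narrowed.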