Is obtaining the value of a textarea
/input
with the jQuery function .val()
XSS-proof?
<html>
<textarea id="t1"></textarea>
<script>
var toBeDisplayed = $('#t1').val();
$('#elem').html(toBeDisplayed);
</script>
</html>