diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index c99723684bf..14b1d581986 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -116,6 +116,8 @@ function testSqlAndScriptInject($val, $type)
 		$inj += preg_match('/union.+select/i', 	 $val);
 		$inj += preg_match('/(\.\.%2f)+/i',		 $val);
 	}
+	// For XSS Injection done by closing textarea to exucute content into a textarea field
+	$inj += preg_match('/<\/textarea/i', $val);
 	// For XSS Injection done by adding javascript with script
 	// This is all cases a browser consider text is javascript:
 	// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers