diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index b45a7474a..4375bcc4c 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -471,6 +471,9 @@ class rcube_washtml
                             }
                         }
                     }
+                    else if ($tagName == 'textarea' && strpos($content, '<') !== false) {
+                        $content = htmlspecialchars($content, ENT_QUOTES);
+                    }
 
                     $dump .= $this->wash_attribs($node);
 
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index df8319102..90cc477df 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -358,4 +358,15 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
         $this->assertTrue($washer->extlinks);
         $this->assertNotContains('TRACKING', $washed, "Src attribute of <video> tag (#5583)");
     }
+
+    function test_textarea_content_escaping()
+    {
+        $html = '<textarea><p style="x:</textarea><img src=x onerror=alert(1)>">';
+
+        $washer = new rcube_washtml;
+        $washed = $washer->wash($html);
+
+        $this->assertNotContains('onerror=alert(1)>', $washed);
+        $this->assertContains('&lt;p style=&quot;x:', $washed);
+    }
 }