So, I have been trying to inject the textarea with an event handler that has the XSS in it, then posting. But, it doesn’t work.
I even tried putting the event handler in the submit button, and the hidden input tag.
I tried encoding the input.
I once had the alert pop up but that was using a method that didn’t have the exact input string, so I didn’t pass.
Can anyone nudge me in another direction?