my $textarea_content = $q->param('message');

# Escape all characters that are special for HTML
my %html_escape = (
    '<' => '&lt;',
    '>' => '&gt;',
    '&' => '&amp;',
);
$textarea_content =~ s/([<>&])/$html_escape{ $1 }/ge;

# Convert newlines to <br> tags
$textarea_content =~ s/\r?\n/<br>\n/g;

print $textarea_content;