Unless the data in NodeContent is already escaped, you should add the ESCAPE=HTML attribute to your TMPL_VAR tag, so that HTML special chracters such as < are escaped. See the HTML::Template documentation and the relevant HTML specification for details. I'd write something like:

<TEXTAREA NAME="NodeContent" ROWS="100" COLS="20">
<!-- TMPL_VAR NAME=NodeContent ESCAPE=HTML -->
</TEXTAREA>
[download]