I am not sure how this plug in works honestly, but lets say you have <textarea>value</textarea>

if you set value to be <script>alert("test");</script> which is a script code but encoded to prevent js injection, then it gets transformed and excecuted, this one just alerts test.

I have made a fiddle as proof https://jsfiddle.net/1tkpcjbq/