How to store the third party script with HTML code in the wordpress custom input field?

You are using esc_textarea() to output the content – so it’s doing exactly that.

This is of course the correct thing to do with user input, so you have a few options here.

  1. Only ask for the embed id – then reconstruct it in php. Something like:
<!-- Meta box input example -->
<input name="thirdpartyvideoscript" placeholder="eg. s3lqfi0zn7" />
<!-- expected input format is "s3lqfi0zn7" -->
<?php if ( ! empty( $meta_embed_value ) ) { // $meta_embed_value is your returned meta box (get_post_meta) ?>
    <script src="//fast.wistia.com/embed/medias/<?php echo esc_attr( $meta_embed_value ); ?>.jsonp" async></script>
    <script src="//fast.wistia.com/assets/external/E-v1.js" async></script>
    <div class="wistia_embed wistia_async_<?php echo esc_attr( $meta_embed_value ); ?>" style="height:349px;width:620px">&nbsp;</div>
<?php } ?>

  1. You can deconstruct the input using a RegEx and match the expected input – ie allow the whole script to be pasted into the textedit area – then use the same code above to print out your matches – in your allowed and safe format.

  2. Throw caution to the wind… open yourself up to stored XSS attacks and do the unthinkable – trust user input. Which if I hadn’t made myself clear enough – isn’t a good thing to do.

tech