There's just too many Context/attack vectors for the the template to handle;there's the CSS context,the Javascript,the URL, the HTML, the JSON...The Perl counterpart,which I don't know what that would be, of an anti-XSS library such as Coverity's is recommended.

For example,have a look at the various escapers offered by this library:
https://coverity.github.io/coverity-security-library/com/coverity/security/Escape.html