in reply to Re: HTML Entities
in thread HTML Entities

I agree that you should never store escaped data (well, except when you HAVE to and it's done transparently, like placeholders and DBI).

My personal fav for stuff like this is the escapeHTML() method provided by the helping friendly CGI. You're probably using CGI in your application anyway, so you might as well use one more method.

    #!/usr/bin/perl -wT
    use strict;
    use CGI;

    my $q = CGI->new();

    # Read the field once in scalar context, so a repeated parameter
    # cannot expand into extra list arguments.
    my $preview = $q->param('preview_field');

    print $q->header(),
          $q->start_html(-title => 'My little preview thingy');

    if ($q->param('submit')) {
        # Print the preview because this has been submitted.
        print $q->h3('Source-'),
              $q->escapeHTML($preview),   # escaped: markup shown as text
              $q->hr(),
              $q->h3('HTML-'),
              $preview,                   # raw on purpose: rendered as HTML
              $q->hr();
    }

    print $q->start_form(),
          $q->h4('Put your stuff here'),
          $q->textarea(-name => 'preview_field', -rows => 20, -columns => 60),
          $q->br(),
          $q->submit(-name => 'submit', -value => 'Hit me baby one more time'),
          $q->end_form(),
          $q->end_html();

-Any sufficiently advanced technology is
indistinguishable from doubletalk.
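
An added example, not part of the original post, of the point made above about storing raw data and escaping only at output: the same text is stored once raw and once pre-escaped, then both rows are escaped when written into HTML. It assumes CGI.pm and DBD::SQLite are installed; the `posts` table and the sample string are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use DBI;

# Empty query object, so the script runs from the command line
# without reading any request data.
my $q = CGI->new('');

# Constructed sample input, as it might arrive from the textarea.
my $submitted = q{<b>Tom & Jerry</b> say "hi"};

# In-memory SQLite database (assumption: DBD::SQLite is available).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

# The placeholder handles SQL quoting transparently, so the column
# holds exactly what was bound to it.
my $ins = $dbh->prepare('INSERT INTO posts (body) VALUES (?)');
$ins->execute($submitted);                   # row 1: stored raw
$ins->execute($q->escapeHTML($submitted));   # row 2: escaped before storing

for my $id (1, 2) {
    my ($body) = $dbh->selectrow_array(
        'SELECT body FROM posts WHERE id = ?', undef, $id);

    # Escape once, at the point where the value is written into HTML.
    my $html = $q->escapeHTML($body);

    print "row $id stored: $body\n";
    print "row $id output: $html\n";

    # A value escaped before storage gets escaped a second time here,
    # so the browser would display literal "&lt;" and "&amp;" text.
    print "row $id is double-escaped\n" if $html =~ /&amp;(?:lt|gt|amp|quot);/;
    print "\n";
}

$dbh->disconnect;
```

Row 1 comes out escaped exactly once. Row 2 cannot be fixed at output time without knowing it was escaped on the way in, which is the reason to keep the stored copy raw.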