Of course there is always Apache::TaintRequest which just ties STDOUT and escapes tainted data. Another generalized approach would be to throw errors if your program attempted to write tainted data. I'd generally prefer to untaint the data myself prior and just use things like that as a constraint system. But anyhow, the base idea is all right there and is really simple.

Fun Fun Fun in the Fluffy Chair