If that was clearly explained, please let me know & I'll try to be more clear.

That sounds like a runaway process. :-)

The biggest problem I see right off the bat with your approach is that it rules out the possibility of the user entering comments in the HTML text they are submitting.

Anyway, have you considered standard HTML escaping? There are probably many modules to do this, but I use HTML::Entities.

But whether HTML escaping is the way to go is only a naive guess on my part, since (thankfully) I have never had to code such an application.