For a simple solution I'd encode all < and > signs, and then very selectively deencode for a selective subset. Don't know how all modules proposed above do it (I guess they do it like this), but that way you act in accordance with a 'default denial stance' that is commonplace in security-land.