in reply to Extensible DBI front-end

Possibly overlooked, but easily plugged in (though non-module) is the approach the Everything engine uses. You can find it in their code, the upshot being that besides the conversion of the typical HTML symbols to the &###; variety, it also limits what HTML tags you can accept in an HTML field (including none), as well as the ability to limit what attributes in those tags are accepted.

Mind you, I have yet to see a good DBI frontend that does any other preparsing beyond that of meta-quoting.


Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
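
An added sketch of the kind of filter the reply above describes, written for this page and not taken from the Everything engine or from the poster: every HTML symbol is converted to its &###; form unless it belongs to a tag that appears in an approved table and is written in strict name="value" form. The `%APPROVED` table, the function names and the rule restricting `href` to http(s) and mailto are assumptions made for illustration.

```perl
use strict; use warnings;

# Assumed policy (hypothetical): tag => attributes accepted on it; an empty table accepts no HTML.
my %APPROVED = (
    b => {}, i => {}, p => {}, br => {},
    a => { href => 1, title => 1 },
);

# Convert HTML-significant characters to the &###; form.
sub encode_html {
    (my $text = shift) =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    return $text;
}

# Rebuild a tag from approved parts only; anything else comes back as encoded text.
sub filter_tag {
    my ($raw) = @_;
    my ($close, $name, $attrs) = $raw =~ m{\A<(/?)([A-Za-z][A-Za-z0-9]*)((?:\s[^<>]*)?)>\z}
        or return encode_html($raw);
    $name = lc $name;
    my $allowed = $APPROVED{$name} or return encode_html($raw);
    return "</$name>" if $close;
    my $out = "<$name";
    while ($attrs =~ /\G\s+([A-Za-z][\w-]*)\s*=\s*"([^"]*)"/gc) {
        my ($attr, $value) = (lc $1, $2);
        next unless $allowed->{$attr};          # unapproved attribute: dropped
        # Assumed link policy: only http(s) and mailto schemes survive.
        next if $attr eq 'href' && $value !~ m{\A(?:https?://|mailto:)}i;
        $out .= qq{ $attr="} . encode_html($value) . q{"};
    }
    # Leftovers mean the tag was not in strict name="value" form: refuse it whole.
    return encode_html($raw) unless $attrs =~ m{\G\s*/?\z};
    return "$out>";
}

sub sanitize_html {
    my ($html) = @_;
    # split with a capture group: text lands at even indexes, tag candidates at odd.
    my @parts = split /(<\/?[A-Za-z][^<>]*>)/, $html;
    my $out = '';
    for my $i (0 .. $#parts) {
        $out .= $i % 2 ? filter_tag($parts[$i]) : encode_html($parts[$i]);
    }
    return $out;
}

# Constructed sample input, not taken from the original post.
my $input = q{<b>Hi</b> <a href="javascript:x" onclick="y()" title="t">me</a> <script>1 < 2</script>};
print sanitize_html($input), "\n";
```

The filter is default-deny: text that is already entity-encoded on input gets encoded again, which is safe but means it should be applied once, at the point where the field is rendered or stored, not both.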