Captain Obvious here again. Doesn't all this go away if you use JavaScript to inject untrusted text directly into the DOM rather than rendering it as HTML, which is then interpreted by the browser?
And if so, it seems to me that there's a fairly obvious way to build that directly into templating engines and meta-languages like HAML.
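One way the templating-engine idea in the comment above could look, as an added example that is not part of the original thread: the server emits only empty slots plus the untrusted values as JSON data, and a client script fills the slots through `textContent`. The names `renderPage`, `fillSlots`, `data-slot` and `slot-data` are hypothetical.

```javascript
// Added example; helper and attribute names are assumptions, not from the thread.

// Server side: static markup with empty slots, untrusted values carried as JSON data.
function renderPage(values) {
  const slots = Object.keys(values).map((name) => {
    // Slot names come from the template author, but are still checked
    // because they are written into an attribute.
    if (!/^[A-Za-z0-9_-]+$/.test(name)) {
      throw new Error("invalid slot name: " + name);
    }
    return `<p data-slot="${name}"></p>`;
  });
  // Escape "<" so a value containing "</script>" cannot end the data block early.
  // JSON.parse turns \u003c back into "<" on the client.
  const json = JSON.stringify(values).replace(/</g, "\\u003c");
  return (
    slots.join("\n") +
    `\n<script type="application/json" id="slot-data">${json}</script>`
  );
}

// Client side: call as fillSlots(document) once the page has loaded.
function fillSlots(doc) {
  const data = JSON.parse(doc.getElementById("slot-data").textContent);
  for (const el of doc.querySelectorAll("[data-slot]")) {
    const name = el.dataset.slot;
    const known = Object.prototype.hasOwnProperty.call(data, name);
    // textContent stores the value as a text node; markup in it is never parsed.
    el.textContent = known ? String(data[name]) : "";
  }
}
```

This covers text placed between tags only; a value assigned through the DOM to a URL attribute such as `href` or to an event-handler attribute still needs its own validation.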
That would work, but with the downside of lowering the accessibility of your site. Not everyone has JavaScript enabled, and so dynamic insertion of text wouldn't be accommodating to them.
That's true for people that don't need alternate browsers. It's like, "why build wheelchair ramps outside of businesses when 99.99% of people are able to walk up steps?"