This was bound to crop up eventually
I wish that they'd put some sort of protection against this kind of thing into the HTML spec, some sort of tag to mark a section to be text-only and should not be executed or rendered. To prevent XSS attack, you could always dynamically create a 'check code' at serving time. Or maybe use a length setting. Or both.
Something like this:
The source file would look this:
<NoExecute> (data to be displayed) </NoExecute>
and would be sent to the client as:
<NoExecute check=asgdy8y3894he98hqwdh> (Data to be displayed) </NoExecute check=asgdy8y3894he98hqwdh>
-or-
<NoExecute length=256> (data that has been padded to be 256 bytes in length) </NoExecute>
Something like this would solve a lot of problems and will help alleviate a lot of security issues where the user is allowed to enter arbitrary data.