There is no permanent cure for any attack surface in a given technology. Security is an ongoing effort and requires deep understanding of the underlying platform.
If "writing HTML" exposes cross-site scripting vulnerabilities on your site, then maybe "writing HTML" isn't so easy after all.