I think your first problem is whitelisting HTML entities. Unless you're composing HTML-formatted email, it's usually better to use a different markup syntax like a minimal Markdown or AsciiDoc that can safely be escaped.
I agree, although for non-technical users, the better WYSIWYG editors are still HTML based, unless you have a recommendation for an in-browser WYSIWYG editor that returns/exports Markdown?
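The approach the first comment describes (escape all of the input, then add markup for a small subset), as an added example that is not part of either comment. The function names, the supported subset and the allowed link schemes are assumptions.

```javascript
// Added example, not code from the thread. Names and the supported
// subset (paragraphs, `code`, **bold**, *em*, links) are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Step 1: neutralise every HTML metacharacter in the untrusted text.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Links are emitted only for these schemes; javascript:, data: etc. stay text.
function isSafeUrl(url) {
  return /^(https?:\/\/|mailto:)/i.test(url);
}

// Step 2: add tags for the subset. Every tag in the output is written here;
// the input is already escaped, so it cannot contribute a tag or a quote.
// Mis-nested markers can produce mis-nested tags, but never new ones.
function renderInline(escaped) {
  return escaped
    .replace(/`([^`]+)`/g, '<code>$1</code>')
    .replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>')
    .replace(/\*([^*]+)\*/g, '<em>$1</em>')
    .replace(/\[([^\]]+)\]\(([^)\s<>]+)\)/g, (match, label, url) =>
      isSafeUrl(url)
        ? `<a href="${url}" rel="nofollow noopener">${label}</a>`
        : match);
}

function renderMinimalMarkdown(source) {
  return source
    .replace(/\r\n?/g, '\n')
    .split(/\n{2,}/)
    .map((block) => block.trim())
    .filter((block) => block.length > 0)
    .map((block) => `<p>${renderInline(escapeHtml(block)).replace(/\n/g, '<br>')}</p>`)
    .join('\n');
}

// Constructed sample input mixing markup with an injection attempt.
const sample = 'Hi **there** <script>alert(1)</script>\n\n' +
  '[docs](https://example.com/?a=1&b=2) [x](javascript:alert(1))';
console.log(renderMinimalMarkdown(sample));
```

Because escaping runs before any tag is generated, the renderer needs no tag or attribute whitelist; the only policy decision left is which link schemes to allow.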