by buro9 703 days ago
I store the raw input in my database, but run it through bluemonday before rendering it. Simples.

https://github.com/microcosm-cc/bluemonday

1 comment

That seems like it's doing a LOT more than what you'd want a sanitizer to do. For HTML you really just want to escape a couple characters with special meaning. You probably can get away with just replacing < and > with their substitution sequences.

That way people can still discuss XSS exploits without your sanitizer deleting a bunch of the text they entered on purpose.
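The two approaches in this thread, side by side, as an added example that is not code from either poster or from the bluemonday project: the reply's minimal replacement of `<` and `>`, next to Go's standard-library `html.EscapeString`, which also escapes `&`, `'` and `"`. bluemonday itself is not used here because it is a third-party module; the sample comment text is constructed for the example.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Constructed sample input: the kind of text someone posts when discussing an
// XSS payload. It deliberately mixes tags, a double quote, an ampersand and a
// literal "&lt;b&gt;" that the poster typed as entities on purpose.
const sampleComment = `Try <script>alert("xss")</script> or <img src=x onerror=alert(1)> and see if &lt;b&gt; survives`

// minimalEscape is the approach suggested in the reply above: replace only the
// two characters that open and close a tag. Everything else passes through
// untouched, so the text the user wrote is preserved except for < and >.
func minimalEscape(s string) string {
	return strings.NewReplacer("<", "&lt;", ">", "&gt;").Replace(s)
}

// fullEscape uses the standard library's html.EscapeString, which escapes
// <, >, &, ' and " (the quotes as &#39; and &#34;). The extra characters matter
// when the output is placed inside a quoted attribute or when the input already
// contains entity-looking text such as "&lt;".
func fullEscape(s string) string {
	return html.EscapeString(s)
}

// containsRawTagOpener reports whether escaped output still contains a raw "<"
// that a browser could parse as the start of a tag.
func containsRawTagOpener(s string) bool {
	return strings.Contains(s, "<")
}

// inTitleAttribute embeds already-escaped text in a double-quoted attribute,
// which is where the minimal approach falls short: a surviving " closes the
// attribute early.
func inTitleAttribute(escaped string) string {
	return `<span title="` + escaped + `">...</span>`
}

// breaksOutOfAttribute reports whether the embedded text terminates the
// title="..." attribute before the intended closing quote.
func breaksOutOfAttribute(escaped string) bool {
	return strings.Contains(escaped, `"`)
}

func main() {
	fmt.Println("minimal:", minimalEscape(sampleComment))
	fmt.Println("full:   ", fullEscape(sampleComment))

	// Neither output contains a raw tag opener, so both stop script tags in
	// element text content.
	fmt.Println("minimal leaves raw '<':", containsRawTagOpener(minimalEscape(sampleComment)))
	fmt.Println("full leaves raw '<':   ", containsRawTagOpener(fullEscape(sampleComment)))

	// Only the full escaping is safe inside a quoted attribute.
	fmt.Println("minimal breaks out of attribute:", breaksOutOfAttribute(minimalEscape(sampleComment)))
	fmt.Println("full breaks out of attribute:   ", breaksOutOfAttribute(fullEscape(sampleComment)))
	fmt.Println(inTitleAttribute(fullEscape(sampleComment)))

	// The literal "&lt;b&gt;" the user typed: minimal escaping leaves it as an
	// entity, so the browser renders "<b>" instead of what was typed; full
	// escaping renders it back as the literal text "&lt;b&gt;".
	fmt.Println("minimal:", minimalEscape("&lt;b&gt;"))
	fmt.Println("full:   ", fullEscape("&lt;b&gt;"))
}
```

Both versions keep the discussed payload visible as text rather than deleting it, which is the property the reply wants; the difference shows up only in the `"` and `&` handling, which decides whether the same escaped string can also be dropped into an attribute value or will faithfully display text the user typed as entities.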