I think that a rough equivalent to the workaround I posted earlier is going to be the way to go with this. I originally thought about only applying this in some situations where we output an editor, but the issue is actually the content being submitted and what the next page displays, so we essentially need to trigger this globally. (We're not disabling the XSS protector though, so it shouldn't cause any behavior other than returning to the old default for the XSS auditor in Chrome.)