neilv 3 days ago
I had this kind of risk in mind when I wrote a server-side "HTML template" feature for Racket. The template language intentionally only handles static chunks of HTML, escaping of values, and a few safety guards. Everything else (including the usual template language behavior like iterating over a collection/stream, such as from a database query result) is done with arbitrary normal Racket language, which the template feature's implementation doesn't have to know about or handle specially.

https://www.neilvandyke.org/racket/html-template/

More recently (for employability reasons, or under-resourced startup pragmatics), doing Python with Flask, JavaScript with SvelteKit, and Swift with SwiftUI, I still miss the clean simplicity and available power that I had with Scheme/Racket.