XSS Prevention in CGI

The attached code is a function that plugs XSS vulnerabilities in a CGI app I'm working on. See http://en.wikipedia.org/wiki/XSS for a good definition of XSS.

This function escapes characters that are not found in the constant XXSS_ALLOWED_CHARS.

I'd like to optimize this in several ways, ordered by importance:
This function needs to filter all characters that can be used for XSS vulnerabilities (i.e. I need to prevent someone from putting html and/or javascript into a search query and having it executed.) I want to do this by escapeing the character rather than removing the character.

Optimize for speed/memory usage, etc.

I'd like to not use the Microsoft.VisualBasic namespace if possible.

Thanks for any help or other pointers I get.

VB Code:

Public Function XXSSFilter(ByVal UnfilteredText As String) As String
        Const XXSS_ALLOWED_CHARS As String = " !$%*+,-./0123456789:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\^_abcdefghijklmnopqrstuvwxyz|~"
        'Filters strings to be sent to the client. Used to prevent XSS vulnerabilities
        'Only certain characters need to be escaped.
 
        Dim i As Integer
        Dim sBuffer As String = ""
 
        With UnfilteredText
            'split the string into charachters. check if each character is in XCODE_ALLOWED_CHARS.
            'if not, replace [character] with '&#[character #];'
            For i = 0 To .Length - 1
                If InStr(XXSS_ALLOWED_CHARS, .Chars(i), CompareMethod.Binary) = 0 Then
                    'escape the character
                    sBuffer += "&#" & Asc(.Chars(i)) & ";"
                Else
                    'pass the character
                    sBuffer += .Chars(i)
                End If
            Next
 
            Return sBuffer
        End With
    End Function