Yes, Earl, it would be - if it worked. The problem is that it removes the "script" tag itself, but not the script text. There is an open core issue on this. The same problem applies to "style" as well. I started with filter_xss and a custom list of safe tags.
Nancy E. Wichmann, PMP
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Earl Miles <merlin@logrus.com>
To: development@drupal.org
Sent: Thu, June 10, 2010 5:58:02 PM
Subject: Re: [development] Strip_tags and JS
On 6/10/2010 12:39 PM, Jamie Holly wrote:
> $text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do
> the trick.
$text = strip_tags(filter_xss_admin($text)) is easier.