Thank you, Jamie. I had already started building a filter and you statement worked better than my big loop.   Nancy E. Wichmann, PMP Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr. ________________________________ From: Jamie Holly <hovercrafter@earthlink.net> To: development@drupal.org Sent: Thu, June 10, 2010 3:39:19 PM Subject: Re: [development] Strip_tags and JS $text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do the trick. Jamie Holly http://www.intoxination.net http://www.hollyit.net On 6/10/2010 3:10 PM, nan wich wrote: It appears that javascripts are not stripped by strip-tags because they are actually between tags, not part of a tag. Does anyone have any magic to strip the scripts out too?

  Nancy E. Wichmann, PMP Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.

Yes, Earl, it would be - if it worked. The problem is that it removes the "script" tag itself, but not the script text. There is an open core issue on this. The same problem applies to "style" as well. I started with filter_xss and a custom list of safe tags.   Nancy E. Wichmann, PMP Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr. ________________________________ From: Earl Miles <merlin@logrus.com> To: development@drupal.org Sent: Thu, June 10, 2010 5:58:02 PM Subject: Re: [development] Strip_tags and JS On 6/10/2010 12:39 PM, Jamie Holly wrote:

$text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do the trick.

$text = strip_tags(filter_xss_admin($text)) is easier.