A friend pinged me yesterday with a problem. His site allowed folks to post content with HTML, and while in general this worked fine, some users were posting content with Flash. He wanted to prevent this from being added to the content.
Now - the brute force fix is to simply htmlEditFormat() the code, but that would remove all HTML, not just the unwanted tags.
Luckily, there is a solution. My friend (and all around generally smart guy who needs to blog more) Nathan Dintenfass created a UDF named SafeText. This UDF will either remove or replace the following tags:
SCRIPT, OBJECT, APPLET, EMBED, FORM, LAYER, ILAYER, FRAME, IFRAME, FRAMESET, PARAM, META
His code will also remove JavaScript events as well. You can configure the UDF to specify exactly what you want to remove if you don't want the defaults.