This post is more than 2 years old.
A friend pinged me yesterday with a problem. His site allowed folks to post content with HTML, and while in general this worked fine, some users were posting content with Flash. He wanted to prevent this from being added to the content.
Now, the brute-force fix is to simply run the content through htmlEditFormat(), but that would escape all HTML so that none of it renders, not just the unwanted tags.
Luckily, there is a solution. My friend (and all-around generally smart guy who needs to blog more) Nathan Dintenfass created a UDF named SafeText. This UDF will either remove or replace the following tags:
SCRIPT, OBJECT, APPLET, EMBED, FORM, LAYER, ILAYER, FRAME, IFRAME, FRAMESET, PARAM, META
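To make the "remove or replace" behaviour concrete, here is an added sketch in CFML; it is not the SafeText UDF or Nathan's code. The function name `neutralizeTags`, its `strip` argument and the sample input are all hypothetical and constructed for this illustration.

```cfml
<cfscript>
// Added illustration; NOT the SafeText UDF. neutralizeTags() and its
// arguments are hypothetical names chosen for this example.
function neutralizeTags(required string text, boolean strip = false) {
    // Deny-list taken from the post.
    var denied   = "SCRIPT|OBJECT|APPLET|EMBED|FORM|LAYER|ILAYER|FRAME|IFRAME|FRAMESET|PARAM|META";
    // An opening or closing tag whose name is on the list, with any attributes.
    var pattern  = "<(/?)(#denied#)\b([^>]*)>";
    var result   = arguments.text;
    var previous = "";

    if (!arguments.strip) {
        // Replace mode: escape only the angle brackets of denied tags, so the
        // tag shows up as text while other markup (<b>, <a>, ...) still renders.
        return REReplaceNoCase(result, pattern, "&lt;\1\2\3&gt;", "all");
    }

    // Remove mode: deleting one tag can join the pieces around it into a new
    // denied tag, so repeat until a pass changes nothing.
    do {
        previous = result;
        result   = REReplaceNoCase(result, pattern, "", "all");
    } while (compare(previous, result) != 0);
    return result;
}

// Constructed sample input: ordinary formatting, a Flash embed, and an embed
// tag split around another one to exercise the repeat-until-stable loop.
sample = '<p>Hi <b>there</b></p><embed src="movie.swf">'
       & '<emb<embed src="a.swf">ed src="b.swf">';

// htmlEditFormat() is used here only to display the resulting source.
writeOutput(htmlEditFormat(neutralizeTags(sample)) & "<br>");
writeOutput(htmlEditFormat(neutralizeTags(sample, true)));
</cfscript>
```

In remove mode the sample comes back as just `<p>Hi <b>there</b></p>`; a single pass without the loop would leave `<embed src="b.swf">` behind. A tag list alone does nothing about event-handler attributes on the tags it lets through, so pair it with attribute filtering.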