There are plenty of things that will be missed with your regex. For instance, all of the onclick/focus/load/etc events.

Have a look at HTML::StripScripts::Parser, which allows you to customise the HTML / CSS that you would like to allow, while removing XSS attacks.

Clint