in reply to Re: Checking forms for JavaScript
in thread Checking forms for JavaScript

You should also look for onLoad and other attributes inside IMG tags, etc.

-Lee

"To be civilized is to deny one's nature."

Re: Checking forms for JavaScript
by cLive ;-) (Prior) on Jul 24, 2001 at 04:03 UTC
    Valid point. But I think other event handlers also need covering - if we're gonna cover one, we'd better cover *anything* that can trigger code.

    And I guess you should strip all links that start "javascript:" - arghhhh.

    So I guess we'd need to add something like:

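        # javascript: URLs inside a quoted attribute value
        # (replace with an empty value, keeping the original quote character)
        $text =~ s/(["'])\s*javascript:.*?\1/$1$1/gis;

        # event handlers (on + 4 chars is min length)
        $text =~ s/\bon\w{4,}\s*=\s*(['"]).*?\1//gis;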

    Untested, but I think that might do the trick...

    Have I missed anything?

    cLive ;-)

      Duh, I forgot all about javascript urls.

      I don't know what the purpose of this particular application in question is but it may be a good idea to yank object and applet tags as well.

      -Lee

      "To be civilized is to deny one's nature."
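
An allowlist alternative to the substitutions discussed in this thread, as an added example that is not from any of the posts: instead of the posted regexes it parses the markup with HTML::Parser (a CPAN module) and keeps only named tags, attributes and URL schemes, so event handlers, javascript: URLs and object/applet tags are dropped without having to be enumerated. The policy in `%ALLOW`, the sub names `scrub` and `url_ok`, and the sample input are assumptions made for illustration.

```perl
use strict;
use warnings;
use HTML::Parser ();                     # CPAN module, not core Perl
use HTML::Entities qw(encode_entities);  # ships with HTML::Parser

# Assumed policy for this example: the only tags/attributes that survive.
my %ALLOW = (
    a   => { href => 1, title => 1 },
    img => { src  => 1, alt   => 1 },
    map { ($_ => {}) } qw(b i em strong p br),
);
my %URL_ATTR  = map { ($_ => 1) } qw(href src);
my %SCHEME_OK = map { ($_ => 1) } qw(http https mailto);

sub url_ok {
    (my $u = shift) =~ s/[\x00-\x20]+//g;    # browsers ignore embedded whitespace
    return 1 unless $u =~ /^([^\/?#:]*):/;   # no scheme: relative URL
    return $SCHEME_OK{ lc $1 };
}

sub scrub {
    my ($html) = @_;
    my $out = '';
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h => [ sub {
            my ($tag, $attr) = @_;
            my $ok = $ALLOW{$tag} or return;      # object, applet, script: dropped
            $out .= "<$tag";
            for my $name (sort keys %$attr) {
                next unless $ok->{$name};         # on* handlers, style: dropped
                my $val = $attr->{$name};
                next if $URL_ATTR{$name} && !url_ok($val);   # javascript: etc.
                $out .= sprintf ' %s="%s"', $name, encode_entities($val, '<>&"');
            }
            $out .= '>';
        }, 'tagname, attr' ],
        end_h  => [ sub { $out .= "</$_[0]>" if $ALLOW{ $_[0] } }, 'tagname' ],
        # Text is decoded, then re-encoded; script/style bodies (is_cdata) are dropped.
        text_h => [ sub { $out .= encode_entities($_[0], '<>&"') unless $_[1] },
                    'dtext, is_cdata' ],
    );
    $p->parse($html);
    $p->eof;
    return $out;
}

# Constructed sample input covering the cases raised in the thread.
print scrub(q{<img src="pic.gif" onLoad="alert(1)"><a href=" javascript:alert(2)">x</a>}
          . q{<object data="x.swf"></object><applet code="X.class"></applet><b>ok</b>}), "\n";
```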