Using jQuery you can strip all the script tags like this:
< script src="scripts/jquery.min.js"></script>
< script type="text/javascript">
$().ready( function() {
var html = document.body.innerHTML;
$html = $(html);
$html.remove("script");
alert($html[0].outerHTML);
});
</ script>
If you use regex approaches be aware that code like Thierry's doesn't capture things like extra leading spaces on tags.
Also be aware that there are many more attack vectors than script tags - javascript inside of HREF links, object tags form tags that can point at script etc.
For some rudimentary discussion of what's involved at minimum take a look at this post where I tackle server side cleanup of HTML using HtmlAgilityPack.
http://www.west-wind.com/weblog/posts/2012/Jul/19/NET-HTML-Sanitation-for-rich-HTML-Input+++ Rick ---
>I am grabbing the content of the actual page and dumping that into a DIV area inside the parent. I do it like this:
>
>
>window.parent.oDiv.innerHTML=document.body.innerHTML
>
>
>When I do this, it grabs as well the script. What kind of approach can I use so that the script will not be included?