> If you use regex approaches be aware that code like Thierry's doesn't capture things like extra leading spaces on tags.
HTML read from the DOM (e.g. innerHTML) should be / is sanitized on any browser
Note: the code I posted was from Prototype.js, not mine ... ;)
Thierry Nivelet
FoxinCloud
Give your VFP application a second life, web-based, in YOUR cloud
http://foxincloud.com/Never explain, never complain (Queen Elizabeth II)