Striping javascript from HTML

[kirogl]

Hi all,

      I'm currently writting a wiki style system useing FCKeditor to accept user input, however in the intrests of security I want to remove any possablity of the user adding Javascript. Strip_tags isn't an option as I want to keep the HTML.

 

      So... is their anyway of stripping the javascript (including onMouseOver, <script></script> and <a href="javascript(...  )  tags from a string?

      Or... is their anyway of disableing the "edit source" button in the FCKeditor editor?

 

option 1 would be best (so users can add embed tags, like youtube video's etc.) but it feels overly complex.