Users Posting HTML Concerns

[GB_001]

Hello,

On my site I am allowing users to post HTML and I'm in the planning phase.

I'm already written REGEX to get rid of <script> and <frame> tags, but I have ran into a problem regarding <embed> it seems as though in browsers such as chrome <embed> acts like an <iframe> tag.

 

The problem is that with this sort of behavior users may link to potentially harmful sites like infinite alert boxes ect.

How will I bee able to make sure users don't embed websites instead of flash?

 

Alternate Question:

Also if I do allow users to include websites, how could I disable alert boxes?