If you have some HTML input submitted from a user to your application, before saving it to the database, you may want to strip all <script> tags so that you can prevent cross site scripting attacks and other potential issues.

Below we use a Regular Expression to strip the script tag out of a variable.

1

$html = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);