removing javascript from a HTML file dynamically

[ASP.Confused]

I am designing a forum system, and I would like to know if there is a script
somewhere that can parse an HTML response, and remove javascript.

I would like to do this so that I don't have hackers attempting to take over
the client's browser. I have my code to the point that it will remove all
script tags, and anything between them, but I have no idea how to remove the
"on-" events (for example, omouseout, onmouseover, etc...)

Also, I would like to remove any references to the position attribute of an
element's style. This is proving to be difficult, because there are various
ways it could be embedded into the script. For example,

<div style="position: absolute; left: 0px; top: 0px; height: 100000; width:
100000"></div>

renders the same as:

<div style="#$&%&@*%position: absolute; left: 0px; top: 0px; height: 100000;
width: 100000"></div>

and renders the same as:

<div style="position#$&%&@*%: absolute; left: 0px; top: 0px; height: 100000;
width: 100000"></div>

which makes it kinda hard to parse out the position attribute, which would
force me to filter out the word "position" from the entire document, which
is not acceptable.

Got any suggestions?

 

[ASP.Confused]

Already figured it out...Thanks anyways.

 

[Bullschmidt]

And of course to disable all HTML tags and JavaScript to and perhaps
later just show the code as text:

varFld = Server.HTMLEncode(varFld)

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
Classic ASP Design Tips, ASP Web Database Demo, ASP Bar Chart Tool...

 

[ASP.Confused]

Thanks! I'm actually designing a rich text forum, so that snippet of code
won't help me out immediately. Also, no one will be using the forum to post
code, but I will look into adding that at a later date.