If you have some HTML input submitted from a user to your application, before saving it to the database, you may want to strip all
<script> tags so that you can prevent cross site scripting attacks and other potential issues.
Below we use a Regular Expression to strip the script tag out of a variable.
Code language: PHP (php)
$html = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);