Making a string safe by removing all javascript codes and events

I want to remove all javascript codes from a string that contains html code.

For example these are some unwanted javascript codes that may cause problems on your website:

<div onmouseover='window.location = "http://To-Undesirable-Location"'></div>

or

<img onload='window.location = "http://To-Undesirable-Location"'></img>

or

<script language="javascript> ...unwanted code... </script>

Since hackers can use this js functions to redirect your page to some unwanted pages I wonder w开发者_JAVA百科hy there are not some good source to make this type of content safe... On any website there are usually a simple WYSIWYG editor that users can put their html content inside it.

Thanks

I've heard good things on Stack Overflow about HTML Purifier.