janharders - 11:57 am on Nov 3, 2010 (gmt 0)
My main concern (at least the one I'm aware of) is whether it's possible for the unscrubbed text in the temporary file to contain any kind of exploit that could subvert or hijack the Perl <> operator while it reads the file, or subvert or corrupt HTML::Scrubber's processing of the text as it strips the tags.
You should be safe. Personally, I don't think you need to strip php tags etc, just always use the html_entities() function in php when you output to a website. There might be legit cases where someone wants to paste code but is not trying to attack your website.