incrediBILL - 9:55 pm on Nov 14, 2011 (gmt 0)
The problem with just stripping it out is if a user has a legitimate reason for using that text, they can become frustrated. I've bumped into it on forums before, and it's really, really annoying.
Easily solved where UGC that needs to go through unfiltered. The author can place that code between a couple of tags in the identifying it as code which allows the filtering process to sandbox that code and filter everything around it, then pass it through unprocessed and don't execute it either.
Translating <'s and >'s to &lt;'s and &gt;'s in the UGC tagged code pretty much neuters any embedded HTML for the sandboxed code.
It's all about crossing the T's and dotting the I's. ;)
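
The approach described in the post above, as an added example that is not part of the original post: user-marked code spans are entity-escaped and passed through, and everything around them is filtered. The `[code]...[/code]` syntax and the tag-stripping filter for the surrounding text are assumptions, since the post does not name either.

```python
import html
import re

# Assumed tag syntax: the post does not name the tags, so [code]...[/code] is hypothetical.
CODE_BLOCK = re.compile(r"\[code\](.*?)\[/code\]", re.DOTALL | re.IGNORECASE)
# Stand-in filter for text outside code spans: drop anything shaped like an HTML tag.
TAG = re.compile(r"<[^>]*>")

def filter_prose(text):
    """Filter untagged UGC: strip markup, then escape whatever is left over.

    Escaping after stripping means a tag the regex misses still cannot render."""
    return html.escape(TAG.sub("", text), quote=True)

def sandbox_code(code):
    """Pass tagged code through unmodified in meaning but inert in the browser:
    < > & and quotes become entities, so it displays as text and never executes."""
    return "<pre><code>" + html.escape(code, quote=True) + "</code></pre>"

def render_ugc(raw):
    """Split a post into code spans and surrounding text and treat each separately."""
    out, pos = [], 0
    for match in CODE_BLOCK.finditer(raw):
        out.append(filter_prose(raw[pos:match.start()]))  # text before the span
        out.append(sandbox_code(match.group(1)))          # the span itself
        pos = match.end()
    # Trailing text, including any unclosed [code] tag, gets the strict filter.
    out.append(filter_prose(raw[pos:]))
    return "".join(out)

# Constructed sample post: markup outside the code span, markup inside it.
SAMPLE = 'Try this <script>alert(1)</script>: [code]<b onclick="x()">hi</b>[/code] done <i>ok</i>'

if __name__ == "__main__":
    print(render_ugc(SAMPLE))
```

An unclosed `[code]` never matches the pattern, so its contents fall through to the strict filter rather than the pass-through path.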