Demo of an HTML sanitizer in JS, using a whitelist-based approach. Nothing is allowed through that isn't recognized as safe; anything else is simply HTML-encoded, optionally with hints as to how to fix it (for use in authoring interfaces). Proof of concept; validators need some cleanup and the code style is moderately atrocious. I guess I hadn't yet developed an allergy to global variables in 2008.
Sample text and image are from Wikipedia, licensed from various authors under the Creative Commons Attribution Share-Alike 3.0 license.
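The whitelist-and-encode behaviour described above, as an added example that is not the demo's own code: recognized tags are re-emitted in canonical form, and everything else is HTML-encoded with a hint for the author. The tag list, the `href` rule and the hint wording are assumptions made for illustration.

```javascript
// Added example, not the demo's code. ALLOWED_TAGS, SAFE_HREF and the hint texts are assumptions.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "ul", "ol", "li", "a"]);
const SAFE_HREF = /^https?:\/\/[A-Za-z0-9.-]+(?::\d+)?(?:\/[A-Za-z0-9\/._~%?&=#+-]*)?$/;

// Numeric-entity encode every character that is significant in HTML text or attributes.
function encode(text) {
  return text.replace(/[&<>"']/g, c => "&#" + c.charCodeAt(0) + ";");
}

function sanitize(input) {
  const out = [], hints = [], open = [];
  // Candidate tag: "<", optional "/", a name, then anything up to ">" containing no "<" or ">".
  const tagLike = /<(\/?)([A-Za-z][A-Za-z0-9]*)([^<>]*)>/g;
  const reject = (raw, why) => { out.push(encode(raw)); hints.push(why); };
  let last = 0, m;
  while ((m = tagLike.exec(input)) !== null) {
    out.push(encode(input.slice(last, m.index)));   // text between tags is always encoded
    last = tagLike.lastIndex;
    const [raw, slash, rawName, rest] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) {
      reject(raw, `<${name}> is not an allowed tag`);
    } else if (slash) {
      if (rest.trim() !== "" || open[open.length - 1] !== name) {
        reject(raw, `</${name}> does not close the innermost open tag`);
      } else { open.pop(); out.push(`</${name}>`); }
    } else if (name === "a") {
      // Only one attribute is accepted, and its value must pass the URL whitelist.
      const href = /^\s+href="([^"]*)"\s*$/.exec(rest);
      if (href && SAFE_HREF.test(href[1])) {
        open.push(name); out.push(`<a href="${encode(href[1])}">`);
      } else reject(raw, '<a> needs exactly one attribute: href="http(s)://..."');
    } else if (rest.trim() === "") {
      open.push(name); out.push(`<${name}>`);        // re-serialized, never copied from input
    } else {
      reject(raw, `attributes are not allowed on <${name}>`);
    }
  }
  out.push(encode(input.slice(last)));
  while (open.length) out.push(`</${open.pop()}>`);  // close anything the author left open
  return { html: out.join(""), hints };
}
```

Hints are plain text meant for the authoring interface, so they need the same encoding as any other text before being displayed as HTML.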