php - Text sanitization issue
I added code to my site to have text sanitization:

var re = /(<([^>]+)>)/gi;
for (i = 0; i < arguments.length; i++) {
    arguments[i].value = arguments[i].value.replace(re, "");
}

But somehow people are able to use a tag, and are still able to post pics on the website through the text area. Please let me know if I have the code wrong.

PS: users are getting away with tags as well.

Never trust input data. A user can use curl or something else to send an HTTP POST request with whatever data they want in the body to the server. Therefore you have to make it a rule to validate data on the server side before saving it to the database.

You can introduce client-side validation, though, to improve the user experience, but anyway you have to validate input on the server side when the request is received.

Update: I see you tagged the question with the php tag, so if your server-side application is written in PHP, you can use HTML Purifier to sanitize input data and avoid XSS, etc. If you use a PHP framework, it may have its own wrapper for HTML Purifier. For example, the Yii framework has it.
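
The server-side sanitization the answer recommends, as an added example (not code from the original post or from the HTML Purifier project). It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`); the `comment` field name, the tag allowlist, the length limit and the function names are illustrative assumptions.

```php
<?php
// Added example: sanitize a posted comment on the server with HTML Purifier.
// Assumptions: Composer autoloader is available; "comment" is the form field name.
require __DIR__ . '/vendor/autoload.php';

function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist only basic formatting and links. Anything not listed
    // (img, script, iframe, event-handler attributes, ...) is removed.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,a[href]');
    // Links may only use these URI schemes.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // HTML Purifier caches definitions on disk; point it at a writable directory.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    return new HTMLPurifier($config);
}

function sanitize_comment(string $raw, HTMLPurifier $purifier, int $maxLen = 5000): string
{
    // Validate before sanitizing: reject malformed or oversized input outright.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('comment is not valid UTF-8');
    }
    if (mb_strlen($raw, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('comment is too long');
    }
    return trim($purifier->purify($raw));
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: what the server receives when the browser-side
    // regex never ran because the request was sent without the page's script.
    $sample = 'Nice post <img src="https://example.com/pic.png"> <b>thanks</b>';
    echo sanitize_comment($sample, build_purifier()), PHP_EOL;
} else {
    $raw = $_POST['comment'] ?? '';
    try {
        if (!is_string($raw)) {
            throw new InvalidArgumentException('comment must be a string');
        }
        $clean = sanitize_comment($raw, build_purifier());
        // Store $clean with a prepared statement; never store or echo $raw.
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
    }
}
```

Run from the command line, the script prints the sample with the `<img>` element removed and the `<b>` element kept; the client-side regex can stay as a convenience, but only this server-side result is saved.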