So this sounds like a very basic question, but I seem to find very little information about it online.
I imagine a simple replace with regex, something like
replaceAll("\\<.*?>", "")
but is it really sufficient? Isn't there a widely accepted 'best' way to do this?
This is mainly to prevent script injections, so is replacing a script tag really all that is necessary?
Is there any added thing that can be done via client-side script itself to prevent it before it even reaches the server?
EDIT: To be clear: users shouldn't be able to enter HTML at all regardless. These are text inputs for names, emails, descriptions, etc.
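
An added example, not part of the original post, that runs the regex from the question beside HTML output encoding on constructed description values. The class name, method names and sample strings are assumptions made for illustration.

```java
public class TextFieldHandling {

    // The approach from the question: delete anything that looks like a tag.
    static String stripTags(String input) {
        return input.replaceAll("\\<.*?>", "");
    }

    // Output encoding for HTML element content and quoted attribute values:
    // the five significant characters become entities, nothing is deleted.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values for a free-text "description" field.
        String[] samples = {
            "Use when x < 10 and y > 3",   // plain text: the regex deletes "< 10 and y >"
            "Contact <alice@example.com>", // plain text: the regex deletes the address
            "trailing <b",                 // no closing '>': the regex matches nothing
        };
        for (String s : samples) {
            System.out.println("input   : " + s);
            System.out.println("stripped: " + stripTags(s));
            System.out.println("escaped : " + escapeHtml(s));
            System.out.println();
        }
    }
}
```

Stripping changes legitimate text and still lets a bare `<` through, while escaping at the point the value is written into HTML keeps the text as entered and renders it inert.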