I will simply review performance and naive security checks, since writing a sanitizer is not something you dash off on the corner of a table. If you want to save time, do not call replace() several times when you replace the same value, which leads to the following:
function safe_content( text ) {
    // strip <script>...</script> blocks and any <p ...> / </p ...> tags
    text = text.replace( /<script[^>]*>.*?<\/script>|(<\/?p[^>]*>)/gi, '' );
    // normalise single quotes to U+2019 (the first two alternatives are identical in this copy)
    text = text.replace( /'|'|[\u2019]/g, '’' );
    // normalise double quotes to U+201D (missing semicolon added)
    text = text.replace( /"|"|"|[\u201D]/g, '”' );
    // turn attr=&#NN;value&#NN; into attr="value"
    text = text.replace( /([\w]+)=&#[\d]+;(.+?)&#[\d]+;/g, '$1="$2"' );
    return text.trim();
}
If you take into account dan1111's comment about a strange line of input that defeats this implementation, you can add while(/foo/.test(input)) to avoid the problem:
function safe_content( text ) {
    // repeat until no match is left, so a tag exposed by a previous removal is also removed
    while ( /<script[^>]*>.*?<\/script>|(<\/?p[^>]*>)/gi.test( text ) )
        text = text.replace( /<script[^>]*>.*?<\/script>|(<\/?p[^>]*>)/gi, '' );
    // the two quote normalisations must NOT be looped: the replacement character
    // (U+2019 / U+201D) itself matches the pattern, so the test would never become false
    text = text.replace( /'|'|[\u2019]/g, '’' );
    text = text.replace( /"|"|"|[\u201D]/g, '”' );
    while ( /([\w]+)=&#[\d]+;(.+?)&#[\d]+;/g.test( text ) )
        text = text.replace( /([\w]+)=&#[\d]+;(.+?)&#[\d]+;/g, '$1="$2"' );
    return text.trim();
}
In standard tests this will not be much slower than the previous code, but with input of the kind dan1111's comment describes it may be slower. See the perf demo.
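A small harness, added here as an example and not the answer's own code, that shows why the loop matters for the tag-stripping pattern: a single pass can leave a tag behind when the input is nested, while repeating until nothing changes removes it. The round cap and the sample strings are my own additions; the input is a constructed test vector.

```javascript
// Same tag pattern as the answer; the g flag is safe with replace(), which resets lastIndex.
const TAG_RE = /<script[^>]*>.*?<\/script>|(<\/?p[^>]*>)/gi;

// One pass, as in the first version of safe_content.
function stripOnce(text) {
  return text.replace(TAG_RE, '');
}

// Repeat until a pass removes nothing (a fixed point). The round cap keeps
// pathological input from spinning the CPU indefinitely.
function stripToFixedPoint(text, maxRounds = 20) {
  for (let i = 0; i < maxRounds; i++) {
    const next = text.replace(TAG_RE, '');
    if (next === text) return text;
    text = next;
  }
  throw new Error('sanitizer did not converge within ' + maxRounds + ' rounds');
}

// Defender-side check: does any script tag survive sanitisation?
function stillContainsScript(text) {
  return /<script/i.test(text);
}

// Constructed samples: a normal one and a nested one where removing the inner
// tags reassembles an outer <script> tag.
const SAMPLES = {
  plain: '<p>hello</p><script>x</script>',
  nested: '<scr<script></script>ipt>x</scr<script></script>ipt>',
};

function demo() {
  return Object.entries(SAMPLES).map(([name, input]) => ({
    name,
    once: stripOnce(input),
    onceLeaksScript: stillContainsScript(stripOnce(input)),
    fixedPoint: stripToFixedPoint(input),
  }));
}
```

Running demo() shows the nested sample reassembling into a bare script tag after one pass and vanishing after the fixed-point loop.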