Does this set of regular expressions FULLY protect against cross site scripting?

Front-end | Unresolved | 11 | 808
旧巷少年郎 2020-12-13 11:35

What's an example of something dangerous that would not be caught by the code below?

EDIT: After some of the comments I added another line, commented below. See V

11 answers
  •  轮回少年
    2020-12-13 12:07

    Take a look at the XSS cheatsheet at http://ha.ckers.org/xss.html; it's not a complete list, but a good start.

    One that comes to mind is

    You also forgot onmouseover, and the style tag.

    The easiest thing to do really is entity escaping. If the vector can't render properly in the first place, an incomplete blacklist won't matter.
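The answer above makes two points: a blacklist of tags and event handlers will always miss a vector (here onmouseover and the style tag), and entity escaping sidesteps the whole problem by making the input unable to render as markup at all. The poster's actual regular expressions did not survive on this page, so the block below is an added example, not the original code: it uses a stand-in blacklist filter (an assumption about what such code typically does), puts an entity-escaping function beside it, and runs both over a few constructed payloads of the kind the cheat sheet lists. The helper names `blacklistFilter`, `escapeHtml`, `looksDangerous`, `survivesBlacklist` and `survivesEscaping` are all made up for this example.

```javascript
// Added example, not from the original post. The poster's regex list is not
// on this page, so blacklistFilter() is a constructed stand-in that strips
// <script> elements and the handlers such lists usually target (onclick,
// onload, onerror) and, as the answer notes, forgets onmouseover and <style>.
function blacklistFilter(input) {
  return String(input)
    .replace(/<\s*script[^>]*>[\s\S]*?<\s*\/\s*script\s*>/gi, '')
    .replace(/\bon(click|load|error)\s*=/gi, '');
}

// Entity escaping: the five characters that let text start a tag, close a
// tag, or break out of a quoted attribute are replaced by entities, so the
// browser can never interpret the output as markup.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(input).replace(/[&<>"']/g, ch => map[ch]);
}

// Deliberately crude detector used only to grade the two filters: an element
// carrying an on* attribute, a <style> element, or a javascript: URL in an
// href/src attribute. Real detection is harder; this is just for the demo.
function looksDangerous(html) {
  return /<[a-z][^>]*\bon[a-z]+\s*=/i.test(html)
      || /<\s*style\b/i.test(html)
      || /<[a-z][^>]*\b(href|src)\s*=\s*["']?\s*javascript\s*:/i.test(html);
}

// Constructed payloads in the spirit of the ha.ckers.org cheat sheet.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '<img src=x onerror=alert(1)>',
  '<a onmouseover="alert(1)">hover</a>',
  '<style>body{background:url("javascript:alert(1)")}</style>',
  '<a href="javascript:alert(1)">go</a>',
];

// Payloads that still contain an executable vector after each treatment.
function survivesBlacklist() {
  return PAYLOADS.filter(p => looksDangerous(blacklistFilter(p)));
}

function survivesEscaping() {
  return PAYLOADS.filter(p => looksDangerous(escapeHtml(p)));
}

for (const p of PAYLOADS) {
  console.log('blacklist :', blacklistFilter(p));
  console.log('escaped   :', escapeHtml(p));
}
console.log('survive blacklist:', survivesBlacklist().length, 'of', PAYLOADS.length);
console.log('survive escaping :', survivesEscaping().length, 'of', PAYLOADS.length);
```

The blacklist strips the two vectors it knows about and passes the onmouseover handler, the style element and the javascript: URL untouched; escaping leaves every payload as inert text, because there is no `<` left for the parser to act on. Note that `escapeHtml` is the right tool only for the HTML text and attribute contexts; output placed inside a script block, a URL or a CSS value needs context-specific encoding instead.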
