Does this set of regular expressions FULLY protect against cross site scripting?

Front-end · Unresolved · 11 · 832
旧巷少年郎 2020-12-13 11:35

What's an example of something dangerous that would not be caught by the code below?

EDIT: After some of the comments I added another line, commented below. See V

11 answers
  •  难免孤独
    2020-12-13 12:22

    As an example of an attack that makes it through this:

      

    Shameless plug: The Caja project defines whitelists of HTML elements and attributes so that it can control how and when scripts in HTML get executed.

    See the project at http://code.google.com/p/google-caja/ and the whitelists are the JSON files in http://code.google.com/p/google-caja/source/browse/#svn/trunk/src/com/google/caja/lang/html and http://code.google.com/p/google-caja/source/browse/#svn/trunk/src/com/google/caja/lang/css
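The allowlist idea the answer points at, as an added illustration that is not Caja's code and not from the original thread: instead of searching for known-bad patterns, keep only elements and attributes that are explicitly permitted, drop script/style content entirely, and accept only http(s) links. The tag tokenizer is deliberately simplified (an assumption of this example); a production sanitizer should sit on a real HTML5 parser.

```javascript
// Allowlist-based HTML sanitizer (added example). Everything not listed here is dropped.
const ALLOWED_ELEMENTS = new Set(['b', 'i', 'em', 'strong', 'p', 'a']);
const ALLOWED_ATTRS = { a: new Set(['href']) };

// Attribute values are re-quoted with double quotes and entity-escaped on output.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
              .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Only http(s) URLs survive; any other scheme returns null and the attribute is dropped.
function safeHref(value) {
  const v = value.trim();
  return /^https?:\/\//i.test(v) ? v : null;
}

// Parse the raw attribute string of one tag into [name, value] pairs (simplified grammar).
function parseAttrs(raw) {
  const out = [];
  const re = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(raw)) !== null) out.push([m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '']);
  return out;
}

function sanitizeHtml(input) {
  // Token: a tag (name + attrs), a run of text, or a stray '<' that starts no tag.
  const tokenRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|([^<]+)|</g;
  let out = '';
  let rawTextUntil = null; // 'script' or 'style' while their body is being discarded
  let m;
  while ((m = tokenRe.exec(input)) !== null) {
    const [token, name, attrs, text] = m;
    const closing = token.startsWith('</');
    if (rawTextUntil) { // inside <script>/<style>: drop everything until its end tag
      if (name && closing && name.toLowerCase() === rawTextUntil) rawTextUntil = null;
      continue;
    }
    if (text !== undefined) { out += text.replace(/</g, '&lt;').replace(/>/g, '&gt;'); continue; }
    if (!name) { out += '&lt;'; continue; } // lone '<' becomes harmless text
    const tag = name.toLowerCase();
    if (tag === 'script' || tag === 'style') { if (!closing) rawTextUntil = tag; continue; }
    if (!ALLOWED_ELEMENTS.has(tag)) continue; // unknown element: dropped, its text is kept
    if (closing) { out += `</${tag}>`; continue; }
    let kept = '';
    for (const [k, v] of parseAttrs(attrs)) {
      if (!ALLOWED_ATTRS[tag] || !ALLOWED_ATTRS[tag].has(k)) continue; // e.g. on* handlers
      const val = k === 'href' ? safeHref(v) : v;
      if (val !== null) kept += ` ${k}="${escapeAttr(val)}"`;
    }
    out += `<${tag}${kept}>`;
  }
  return out;
}
```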
