So, even though you strip out the <script> tags, the scripts are still there, right? Because the code is still around to call, such as at onLoad, or a setTimeout() call, right? Are they "hidden" to such a degree that other scripts can't see them or find them? Can they be found when in XUL mode scripting? Inquiring minds want to know.