XSLT escape all entities except <p> <br> <b> <a>

doing007

New Member
I have a small problem with XSLT. I have this text:

\[code\]newline<br /> <br /> newline<br /> <br /> <br /> newline<br /> <br /> <br /> newline<br /> <br /> <b>asdasdasd</b><br /> <br /> <script>alert(0)</script>\[/code\]

I want to escape all entities except \[code\]<p> <br> <b> <a>\[/code\]. Therefore I use

\[code\]<xsl:value-of select="page/@post_content" disable-output-escaping="yes"/>\[/code\]

to be able to bold text, insert a link, etc., but I want the \[code\]<script>\[/code\] tag to be escaped, not stripped with strip_tags. But when I leave \[code\]disable-output-escaping="yes"\[/code\] on, I get a message, so there is an XSS vulnerability here.

My PHP code is:

\[code\]$hrefs->item(0)->setAttribute("post_content",nl2br($PostContent));\[/code\]

So how can I do this?

PS: I'm very concerned about security! Thanks.
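One way to get the behaviour asked for above, as an added example that is not part of the original post: escape the whole string first, then restore only the allowed tags from their escaped form. The helper name `escape_except_allowlist()`, the restriction of links to http/https, and the added `rel` attribute are assumptions.

```php
<?php
// Added example, not code from the original post.
// escape_except_allowlist() is a hypothetical helper name.
function escape_except_allowlist(string $raw): string
{
    // 1. Escape everything: after this step no user-supplied markup is live.
    $out = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore <br>, <br/>, <br /> as a well-formed empty element.
    $out = preg_replace('~&lt;br\s*/?&gt;~i', '<br />', $out);

    // 3. Restore attribute-free <p>, </p>, <b>, </b>. Anything carrying
    //    attributes (onclick=, style=, ...) does not match and stays escaped.
    $out = preg_replace_callback(
        '~&lt;(/?)(p|b)&gt;~i',
        fn(array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $out
    );

    // 4. Restore <a href="...">text</a> only as a complete pair, only with a
    //    double-quoted href as the sole attribute, and only for http/https
    //    (assumption), so javascript: and data: URLs stay escaped text.
    //    Inside the URL "&amp;" is allowed; "&quot;", "&lt;", "&#039;" are not.
    $out = preg_replace(
        '~&lt;a\s+href=&quot;(https?://(?:[^\s&]|&amp;)+)&quot;&gt;(.*?)&lt;/a&gt;~is',
        '<a href="$1" rel="nofollow noopener">$2</a>', // rel added as hardening
        $out
    );

    return $out;
}

// Constructed sample input, modelled on the text in the question.
$PostContent = '<b>bold</b><br /> <a href="https://example.com/?a=1&b=2">link</a> '
             . '<a href="javascript:alert(0)">bad</a> <b onclick="x()">no</b> '
             . '<script>alert(0)</script>';

echo escape_except_allowlist($PostContent), "\n";

// In the question's code the call would wrap the existing value:
// $hrefs->item(0)->setAttribute("post_content",
//     nl2br(escape_except_allowlist($PostContent)));
```

The `<p>` and `<b>` tags are restored individually and are not checked for balance, so an unclosed or stray tag can still affect layout, although it cannot introduce script.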
 