diff --git a/composer.json b/composer.json
index c51df1ad87..44eef74583 100644
--- a/composer.json
+++ b/composer.json
@@ -36,6 +36,7 @@
         "php": "^7.4 || ^8.0",
         "ext-gd": "*",
         "ext-mbstring": "*",
+        "ezyang/htmlpurifier": "^4.18",
         "mobiledetect/mobiledetectlib": "^3.74",
         "nanasess/mdb2": "^2.5",
         "nanasess/php8-compat": "^1.0",
diff --git a/composer.lock b/composer.lock
index 22e6b8a41b..c2283467a3 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,69 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "ebdd83e60c352fb264ec7b9ef3e6bdee",
+    "content-hash": "913b3fad812f8e13e42e3d0e9cbb40d3",
     "packages": [
+        {
+            "name": "ezyang/htmlpurifier",
+            "version": "v4.18.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ezyang/htmlpurifier.git",
+                "reference": "cb56001e54359df7ae76dc522d08845dc741621b"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/cb56001e54359df7ae76dc522d08845dc741621b",
+                "reference": "cb56001e54359df7ae76dc522d08845dc741621b",
+                "shasum": ""
+            },
+            "require": {
+                "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0"
+            },
+            "require-dev": {
+                "cerdic/css-tidy": "^1.7 || ^2.0",
+                "simpletest/simpletest": "dev-master"
+            },
+            "suggest": {
+                "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
+                "ext-bcmath": "Used for unit conversion and imagecrash protection",
+                "ext-iconv": "Converts text to and from non-UTF-8 encodings",
+                "ext-tidy": "Used for pretty-printing HTML"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "library/HTMLPurifier.composer.php"
+                ],
+                "psr-0": {
+                    "HTMLPurifier": "library/"
+                },
+                "exclude-from-classmap": [
+                    "/library/HTMLPurifier/Language/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-2.1-or-later"
+            ],
+            "authors": [
+                {
+                    "name": "Edward Z. Yang",
+                    "email": "admin@htmlpurifier.org",
+                    "homepage": "http://ezyang.com"
+                }
+            ],
+            "description": "Standards compliant HTML filter written in PHP",
+            "homepage": "http://htmlpurifier.org/",
+            "keywords": [
+                "html"
+            ],
+            "support": {
+                "issues": "https://github.com/ezyang/htmlpurifier/issues",
+                "source": "https://github.com/ezyang/htmlpurifier/tree/v4.18.0"
+            },
+            "time": "2024-11-01T03:51:45+00:00"
+        },
         {
             "name": "mobiledetect/mobiledetectlib",
             "version": "3.74.3",
diff --git a/data/smarty_extends/modifier.script_escape.php b/data/smarty_extends/modifier.script_escape.php
index 99885cd382..c637c522b2 100644
--- a/data/smarty_extends/modifier.script_escape.php
+++ b/data/smarty_extends/modifier.script_escape.php
@@ -1,4 +1,5 @@
 <?php
+require_once __DIR__.'/../vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php';
 /**
  * Scriptタグをエスケープする
  *
@@ -50,5 +51,11 @@ function smarty_modifier_script_escape($value)
         $value = preg_replace($pattern, $convert, $value);
     }
 
-    return $value;
+    // 念のために HTMLPurifier でサニタイズ
+    $config = HTMLPurifier_Config::createDefault();
+    $config->set('Cache.SerializerPath', __DIR__.'/../cache');
+    $config->set('Attr.EnableID', true); // id 属性はサニタイズしない
+    $purify = new HTMLPurifier($config);
+
+    return $purify->purify($value ?? '');
 }
diff --git a/tests/class/modifier/Modifier_ScriptEscapeTest.php b/tests/class/modifier/Modifier_ScriptEscapeTest.php
index fa35449aba..c50eb139dc 100644
--- a/tests/class/modifier/Modifier_ScriptEscapeTest.php
+++ b/tests/class/modifier/Modifier_ScriptEscapeTest.php
@@ -2,76 +2,74 @@
 
 /**
  * (省略。アノテーションを認識されるのに必要なようなので記述している。)
- *
- * PHP 8.1 でグローバル変数が消失する不具合を回避するため、下で `backupGlobals` を指定している。本質的には PHPUnit が PHP8 に対応していないのが原因と考えられる。
- *
- * @backupGlobals disabled
  */
 class Modifier_ScriptEscapeTest extends PHPUnit_Framework_TestCase
 {
     public function scriptEscapeProvider()
     {
+        $default_pattern = '/#script escaped#/';
+
         return [
-            ['<script type="text/javascript"></script>'],
-            ['<svg onload="alert(1)">test</svg>'],
-            ['<img onload="alert(1)">test</img>'],
-            ['<body onload="alert(1)">test</body>'],
-            ['<iframe></iframe>'],
-            ['<object></object>'],
-            ['<embed>'],
-            ['\"onclick=\"alert(1)\"'],
-            ['<p onclick="alert(1)">test</p>'],
-            ['<p onsubmit="alert(1)">test</p>'],
-            ['<p style="" onclick="alert(1)">test</p>'],
-            ['<input type="button"onfocus="alert(1)">'],
-            ['<input type="button" onblur="alert(1)">'],
-            ['<input onfocus="alert(1)" type="button">'],
-            ['<body onresize="alert(1)">'],
-            ['<div onscroll="alert(1)">'],
-            ['<div>javascript:test()</div>'],
-            ['<input type="button" ondblclick="alert(1)">'],
-            ['<input type="text" onchange="alert(1);">'],
-            ['<input type="text" onselect="alert(1);">'],
-            ['<form onsubmit="alert(1);">'],
-            ['<input type="button" onkeydown="alert(1)">'],
-            ['<input type="button" onkeypress="alert(1)">'],
-            ['<input type="button" onkeyup="alert(1)">'],
-            ['<input type=\"button\"\nonclick=\"alert(1)\">'],
-            ['<div/onscroll="alert(1)">'],
+            ['<script type="text/javascript"></script>', $default_pattern],
+            ['<svg onload="alert(1)">test</svg>', $default_pattern],
+            ['<img onload="alert(1)">test</img>', $default_pattern],
+            ['<body onload="alert(1)">test</body>', $default_pattern],
+            ['<iframe></iframe>', $default_pattern],
+            ['<object></object>', $default_pattern],
+            ['<embed>', $default_pattern],
+            ['\"onclick=\"alert(1)\"', $default_pattern],
+            ['<p onclick="alert(1)">test</p>', $default_pattern],
+            ['<p onsubmit="alert(1)">test</p>', $default_pattern],
+            ['<p style="" onclick="alert(1)">test</p>', $default_pattern],
+            ['<input type="button"onfocus="alert(1)">', '//'], // HTMLPurifier によって完全に削除される
+            ['<input type="button" onblur="alert(1)">', $default_pattern],
+            ['<input onfocus="alert(1)" type="button">', $default_pattern],
+            ['<body onresize="alert(1)">', $default_pattern],
+            ['<div onscroll="alert(1)">', $default_pattern],
+            ['<div>javascript:test()</div>', $default_pattern],
+            ['<input type="button" ondblclick="alert(1)">', $default_pattern],
+            ['<input type="text" onchange="alert(1);">', $default_pattern],
+            ['<input type="text" onselect="alert(1);">', $default_pattern],
+            ['<form onsubmit="alert(1);">', $default_pattern],
+            ['<input type="button" onkeydown="alert(1)">', $default_pattern],
+            ['<input type="button" onkeypress="alert(1)">', $default_pattern],
+            ['<input type="button" onkeyup="alert(1)">', $default_pattern],
+            ['<input type=\"button\"\nonclick=\"alert(1)\">', '//'], // HTMLPurifier によって完全に削除される
+            ['<div/onscroll="alert(1)">', $default_pattern],
         ];
     }
 
     public function scriptNoEscapeProvider()
     {
         return [
-            ['<p>test</p>'],
-            ['<input type="button">'],
-            ['<p>onclick</p>'],
-            ['<div>test</div>'],
-            ['<textarea>onclick="alert(1)";</textarea>'],
-            ['<p>onclick="\ntest();"</p>'],
-            ['<onclock'],
-            ['<oncl\nick'],
+            ['<p id="test" class="test">test</p>', '<p id="test" class="test">test</p>'],
+            ['<input type="button">', ''], // 許可タグではないのでHTMLPurifier によって完全に削除される
+            ['<p>onclick</p>', '<p>onclick</p>'],
+            ['<div>test</div>', '<div>test</div>'],
+            ['<textarea>onclick="alert(1)";</textarea>', 'onclick="alert(1)";'], // 許可タグではないのでHTMLPurifierによって textarea タグが削除される
+            ['<p>onclick="\ntest();"</p>', '<p>onclick="\ntest();"</p>'],
+            ['<onclock', ''], // 許可タグではないのでHTMLPurifier によって完全に削除される
+            ['<oncl\nick', ''], // 許可タグではないのでHTMLPurifier によって完全に削除される
         ];
     }
 
     /**
      * @dataProvider scriptEscapeProvider
      */
-    public function testメールテンプレートエスケープされる($value)
+    public function testメールテンプレートエスケープされる($value, $pattern)
     {
         $ret = smarty_modifier_script_escape($value);
-        $pattern = '/#script escaped#/';
         $this->assertMatchesRegularExpression($pattern, $ret);
     }
 
     /**
      * @dataProvider scriptNoEscapeProvider
      */
-    public function testメールテンプレートエスケープされない($value)
+    public function testメールテンプレートエスケープされない($value, $actual)
     {
         $ret = smarty_modifier_script_escape($value);
         $pattern = '/#script escaped#/';
         $this->assertDoesNotMatchRegularExpression($pattern, $ret);
+        $this->assertSame($ret, $actual);
     }
 }