Question

I am currently working on a Classic ASP project and am using the CKEditor plugin to get user input. I want to try and prevent XSS attacks in my project. Removing the script tags is easy; the tricky part is dealing with the attributes within HTML tags without removing the tags completely.
I found a lot of JavaScript-based solutions, but I want my code to be on the server side for security reasons.

I tried a simple replace method like so:

CleanedHTML = Replace(HTML,"onmouseover","[removed]",1,-1,1)

But this will also remove the word if it is not between tags.

I have gone through OWASP's website and I also have a function which removes all tags that I found here, but I can't use it since I want to allow users to enter links, images, etc. Is there any safe way to accomplish this?

No correct solution
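The approach the question is circling around is an allowlist sanitizer rather than a denylist `Replace`: tokenize the HTML, drop every tag and attribute that is not explicitly permitted, and check the scheme of `href`/`src` values after decoding character references (so `&#106;avascript:` or `javascript&colon;` cannot slip past the check). Text between tags is never touched, so the word "onmouseover" in normal prose survives. The following is an added example written for this page, not code from the original post, from CKEditor or from OWASP; the tag, attribute and scheme allowlists and all function names (`sanitizeHtml`, `isSafeUrl`, `rebuildTag`) are assumptions chosen for illustration. It is kept to ES3-style JavaScript so that it should also run unchanged as server-side JScript in a Classic ASP page (`<%@ Language="JScript" %>`); that Classic ASP use was not verified here, the example was run under Node.

```javascript
// Allowlist HTML sanitizer, added as an example for the question above.
// Everything not explicitly allowed (tags, attributes, URL schemes) is dropped.
// Kept to ES3-style JavaScript so it can also be used as server-side JScript.
var ALLOWED_TAGS = {                                   // tag -> allowed attributes (assumed lists)
  a: { href: 1, title: 1 },
  img: { src: 1, alt: 1, title: 1, width: 1, height: 1 },
  p: {}, br: {}, b: {}, strong: {}, i: {}, em: {}, u: {},
  ul: {}, ol: {}, li: {}, blockquote: {}, pre: {}, code: {},
  h1: {}, h2: {}, h3: {}
};
var VOID_TAGS = { br: 1, img: 1 };                     // never emit an end tag for these
var URL_ATTRS = { href: 1, src: 1 };                   // values must pass isSafeUrl
var ALLOWED_SCHEMES = { http: 1, https: 1, mailto: 1 };
// Minimal named-entity table; numeric references are handled separately.
var NAMED_ENTITIES = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                       colon: ':', tab: '\t', newline: '\n', nbsp: '\u00A0' };

// Decode character references so the value we check is the value the browser will see
// (defeats href="&#106;avascript:..." and "javascript&colon;..." style bypasses).
function decodeEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?|&([a-z]+);/gi, function (m, num, name) {
    if (num) {
      var code = /^x/i.test(num) ? parseInt(num.substring(1), 16) : parseInt(num, 10);
      return code > 0 && code <= 0xFFFF ? String.fromCharCode(code) : m;
    }
    var key = name.toLowerCase();
    return NAMED_ENTITIES.hasOwnProperty(key) ? NAMED_ENTITIES[key] : m;
  });
}

// Re-encode a decoded attribute value for output inside double quotes.
function encodeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// A URL is safe if it is relative or uses an allowlisted scheme. Tabs/newlines are
// removed and leading/trailing control characters trimmed first, as browsers do.
function isSafeUrl(raw) {
  var url = decodeEntities(raw).replace(/[\t\n\r]/g, '').replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '');
  var m = /^([a-z][a-z0-9+.\-]*):/i.exec(url);
  return !m || ALLOWED_SCHEMES.hasOwnProperty(m[1].toLowerCase());
}

// Rebuild one tag from scratch, keeping only allowlisted attributes.
function rebuildTag(isEnd, name, attrText) {
  if (!ALLOWED_TAGS.hasOwnProperty(name)) return '';   // unknown tag: drop it, keep its text content
  if (isEnd) return VOID_TAGS.hasOwnProperty(name) ? '' : '</' + name + '>';
  var allowed = ALLOWED_TAGS[name];
  var attrRe = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  var tag = '<' + name, a;
  while ((a = attrRe.exec(attrText)) !== null) {
    var attr = a[1].toLowerCase();
    if (!allowed.hasOwnProperty(attr)) continue;       // drops on*, style and anything unlisted
    var value = a[2] || a[3] || a[4] || '';
    if (URL_ATTRS.hasOwnProperty(attr) && !isSafeUrl(value)) continue;
    tag += ' ' + attr + '="' + encodeAttr(decodeEntities(value)) + '"';
  }
  return tag + '>';
}

function sanitizeHtml(html) {
  var s = String(html)
    .replace(/<!--[\s\S]*?(?:-->|$)/g, '')                             // comments, incl. IE conditional ones
    .replace(/<(script|style)\b[^>]*>[\s\S]*?(?:<\/\1\s*>|$)/gi, '');  // script/style with their content
  var tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:[^>"']|"[^"]*"|'[^']*')*)>/g;
  var out = '', last = 0, m;
  while ((m = tagRe.exec(s)) !== null) {
    out += s.substring(last, m.index).replace(/</g, '&lt;');  // text between tags: neutralise stray '<'
    out += rebuildTag(m[1] === '/', m[2].toLowerCase(), m[3]);
    last = tagRe.lastIndex;
  }
  return out + s.substring(last).replace(/</g, '&lt;');
}
```

The decode-check-re-encode order matters: the value that is compared against the scheme allowlist is exactly the value the browser will decode from the emitted attribute, so entity tricks cannot make the two disagree. A regex tokenizer is adequate to show the technique, but its view of malformed markup can differ from a browser's; where a parser-based sanitizer library is available for your platform, prefer it and keep only the allowlists from here.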

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow