Redactor Executes JavaScript


I tried the Redactor extension for Yii and inserted this example code into the Redactor HTML view:

<p onclick="javascript:window.location.hash='!/var1/var2/';">Lorem ipsum<b> dolor sit amet</b></p>

The JavaScript part is going to be executed in the WYSIWYG view. This could be a potential security risk. If someone can insert malicious JavaScript code in this field, he can take control of cookies/browser session, everything.

Is there any way to prevent JavaScript from being executed in Redactor?
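One way to neutralise the markup from the post above before it is stored or loaded back into the editor, as an added example that is not code from the original post, Redactor or Yii: the HTML is rebuilt from an allowlist of tags and attributes, so `onclick` and every other event handler is dropped. It goes one step beyond the posted case by also checking `href` schemes; the tag list, the URL rule and the function names are assumptions chosen for illustration.

```javascript
// Added example (not Redactor or Yii code): rebuild editor HTML from an allowlist.
// Tag/attribute lists and function names are assumptions chosen for illustration.
const NO_ATTRS = new Map();
// Only these URL forms survive; "javascript:" and other schemes never match.
const SAFE_URL = /^(?:https?:\/\/|mailto:|\/|#)[^\s"'<>\\]*$/i;
const ALLOWED = new Map([
  ['p', NO_ATTRS], ['b', NO_ATTRS], ['i', NO_ATTRS], ['em', NO_ATTRS],
  ['strong', NO_ATTRS], ['br', NO_ATTRS], ['ul', NO_ATTRS], ['ol', NO_ATTRS],
  ['li', NO_ATTRS], ['a', new Map([['href', SAFE_URL]])],
]);
// A complete tag: optional "/", name, attribute text with balanced quotes, ">".
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:[^>"']|"[^"]*"|'[^']*')*)>/g;
const ATTR = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Anything that is not a complete tag is emitted as inert text.
const escText = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');

function keepAttrs(rules, raw) {
  let kept = '';
  for (const m of raw.matchAll(ATTR)) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    const rule = rules.get(name);           // undefined for onclick, style, ...
    if (rule && rule.test(value)) kept += ` ${name}="${value}"`;
  }
  return kept;
}

function sanitizeEditorHtml(html) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG)) {
    out += escText(html.slice(last, m.index));
    last = m.index + m[0].length;
    const name = m[2].toLowerCase();
    const rules = ALLOWED.get(name);
    if (!rules) continue;                   // unknown element: drop the tag itself
    out += m[1] ? `</${name}>` : `<${name}${keepAttrs(rules, m[3])}>`;
  }
  return out + escText(html.slice(last));
}

// Constructed input: the paragraph from the post above.
const posted = `<p onclick="javascript:window.location.hash='!/var1/var2/';">Lorem ipsum<b> dolor sit amet</b></p>`;
console.log(sanitizeEditorHtml(posted));
```

Filtering in the browser alone is not sufficient, because a request can be sent without going through the editor; the same allowlist has to be enforced on the server before the HTML is stored or rendered.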