Modern extensions should use RL for all js (There's some legit exceptions, but none are used on publically-editable WMF wikis). Thus parser hooks should not output any inline scripts. Since the largest attack surface for XSS in MW is the parser, I think it might make sense as a defense-in-depth to check the parser output for script tags, javascript: href attributes, and onfoo event handler attributes.
Any blacklist probably won't be bulletproof, but combined with logging, might allow us early detection if someone found a hole but hasn't fully figured out how to exploit it, and also might increase the skill level someone needs to exploit a hole.
If we eventually use CSP, which blocks inline event handlers/javascript urls - this becomes important, as we can't block <script> with CSP as its impossible to distinguish legit loads of user js from someone exploiting an XSS to load a malicious user's js.