If you need to take this approach then why not remove everything apart from alphanumerics and the space character? i.e. go for a whitelist rather than a blacklist. You do not know how standards in HTML and JavaScript may change in future so only allow the characters likely to be good instead of disallowing known bad.

I do not necessarily have control over how the document.title may be used in other scripts, so I want to ensure that I do some sanitization in the least destruction matter, but avoid possible scenarios where the way the variable is later processed could possibly be decoded in such a way it latter becomes XSS.

My question to you is who does have control? Of course the correct way to handle this is to correctly output encode when output to the page - I'm just wondering why this is not an acceptable solution for your system. If you cannot control other scripts, how do you know they are secure in other ways?

If you need to take this approach then why not remove everything apart from alphanumerics and the space character? i.e. go for a whitelist rather than a blacklist. You do not know how standards in HTML and JavaScript may change in future so only allow the characters likely to be good instead of disallowing known bad.

I do not necessarily have control over how the document.title may be used in other scripts, so I want to ensure that I do some sanitisation in the least destruction matter, but avoid possible scenarios where the way the variable is later processed could possibly be decoded in such a way it latter becomes XSS.

My question to you is who does have control? Of course the correct way to handle this is to correctly output encode when output to the page - I'm just wondering why this is not an acceptable solution for your system. If you cannot control other scripts, how do you know they are secure in other ways?

Replacing <script> does not stop scripts from being embedded. There are lots of other ways to inject script. e.g.

<img src="x" onerror="alert('xss')" />