When writing custom modules, few functions are as useful as filter_xss(). In a nutshell, this function protects your web site from both malicious HTML and unwanted tags.
The function takes some text and, in effect, "cleans" it based on some very simple rules. First and foremost, it makes sure any HTML elements, tags, and attributes are well-formed. It also removes any non-standard characters and constructs that can trick browsers. Finally, it can remove any HTML tags depending on an argument passed to the function.