I've been reading on php.net about the strip_tags function, and it seems that many people have been writing their own function. Is this because a malicious user could put something like <b onmouseover="for(i=0;i<100;i++) window.open('www.somesite.com');">Long message...</b> or would strip_tags prevent this? What do you think of strip_tags() vs writing your own function?