/** Remove HTML tags (except those enumerated) to protect against XSS/code injection attacks @return mixed @param $_input string @param $_tags string @public **/ public static function scrub($_input, $_tags = NULL) { if (is_array($_input)) { foreach ($_input as $_key => $_val) { $_input[$_key] = self::scrub($_val, $_tags); } } if (is_string($_tags)) { $_tags = '<' . implode('><', explode('|', $_tags)) . '>'; } return is_string($_input) ? htmlspecialchars(F3::fixQuotes(strip_tags($_input, $_tags)), ENT_COMPAT, F3::$global['ENCODING'], FALSE) : $_input; }