While playing with CodeIgniter I bumped into its xss_clean function. Found this article on StackOverflow that discusses its use. Basically I don’t think I’ll be using it, rather I will be HTML encoding my data for inclusion in HTML output. Still have the sticky issue of what to do with comments, because in comments I allow for HTML. Maybe xss_clean will be useful there..? I’ll look into it a little more further down the track.