wysiwyg.php

<?php
function secure_wysiwyg($filter)
{
	$badattr = array('onclick="' => 'void="',
	                 'onmouseover="' => 'void="',
	                 'onload="' => 'void="',
	                 'onblur="' => 'void="',
	                 'onfocus="' => 'void="',
	                 'class="' => 'void="',
	                 'id="' => 'void="',
	                 'style="' => 'void="',
	                 'onchange="' => 'void="',
	                 'ondblclick="' => 'void="',
	                 'onsubmit="' => 'void="',
	                 'onkeydown="' => 'void="',
	                 'onkeyup="' => 'void="',
	                 'onkeypress="' => 'void="',
	                 'onmouseout="' => 'void="',
	                 'onmousemove="' => 'void="',
	                 'onmousedown="' => 'void="',
	                 'onmouseup="' => 'void="',
	                 'onreset="' => 'void="',
	                 'onselect="' => 'void="',
	                 'onunload="' => 'void="',
	                 'prompt="' => 'void="',
	                 'title="' => 'void="',
	                 'href="javascript:' => 'href="http://');

	$safetags = "<h1><h2><h3><div><img><br><a><strike><i><b><u><hr><ul><li><ol><sup><sub><blockquote>";
	$filter = str_replace(array_keys($badattr), array_values($badattr), strip_tags($filter, $safetags));
	
	return $filter;
}