For my web site, I wrote a perl module that cleans up user submitted html, by only allowing sanctioned html tags to pass through. So, you can allow <P> and <b> but not anything else if you wanted.

I intended to submit it to cpan, but never had the time. Anyway, you can download it here: HTMLCleaner.pm. It's got pod documentation. And if anyone wants to develop it, they are free to do so.