
XSS filter (PHP)


Uber0n (Member):

I just have a question about XSS filters, although it's not about escaping them. I've found quite many sites with forms that allow HTML tags with a length of 3 characters to pass through the filter but remove all other ones. For example, the <u>, <b> and <i> tags get through but <br>, <script>, <iframe> and <img> do not.

What PHP function are the sites using, or is it just some kind of filter that they've written themselves? It could of course be strip_tags(), but then they must've set the filter argument to accept all of the short tags (and I can't see why anyone would do that in for example a registration form or search box…)

As I said, I've seen this on quite many sites so it's not just a single system that uses this solution… Any thoughts or ideas will be much appreciated B)


Mr_Cheese:

either they have their own custom function.

or it's strip_tags($string, "<br><img><p>") etc


spyware (Banned):

Sounds like failed RegEx to me.


Uber0n (Member):

Mr_Cheese wrote: or it's strip_tags($string, "<br><img><p>") etc

I don't think so, since all tags I've tried have been blocked except for the shortest possible ones. I suppose it's either a custom function that many people use or a failed Regex then…

Thanks Cheese and Spyware ^^
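The two hypotheses raised in the thread side by side, as an added example that is not from any of the posters: a strip_tags() allow-list versus a hand-written regex that only matches tag names of two or more characters (which is one way `<b>`, `<u>` and `<i>` could slip through by accident). The input string, the regex and the variable names are constructed for this illustration; the third variant shows what a search box or registration form should do instead, which is escape rather than filter.

```php
<?php
// Constructed sample input mixing the short tags the thread says get through
// with the longer ones it says are removed.
$input = 'Hi <b>bold</b> <u>u</u> <i>i</i> <br> <img src="x"> '
       . '<script>alert(1)</script> <iframe src="x"></iframe>';

// Hypothesis 1: strip_tags() with an explicit allow-list. Only the listed tags
// (and their closing tags) survive; everything else is removed.
// Caveat: strip_tags() leaves the attributes of allowed tags untouched, so an
// allow-list alone is not an XSS defence.
$allowlist = strip_tags($input, '<b><u><i>');

// Hypothesis 2: a "failed RegEx". This pattern (constructed here) removes any
// tag whose name is at least two characters long, so one-letter tag names are
// never matched. No allow-listing is happening; the short tags are simply missed.
$buggyRegex = preg_replace('#</?[a-z][a-z0-9]+[^>]*>#i', '', $input);

// What a form field that never needs markup should do: encode on output so the
// browser renders every tag as text instead of interpreting it.
$escaped = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

echo "allowlist: $allowlist\n";
echo "regex:     $buggyRegex\n";
echo "escaped:   $escaped\n";
```

Both filtering variants leave `alert(1)` behind as plain text once the surrounding `<script>` tags are gone; only the escaped variant preserves the input faithfully while making it inert.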