Hey guys,
I've been struggling with finding the best way to clean user-contributed posts on submit, for security purposes. Posting with the form will only be available for logged-in users.
Basically, I've got a few custom fields in addition to the normal title/content that is being created on form submit, and I want to make sure that neither malicious users nor bots can inject any Bad Code or tags.
My thinking is that the best way to do this is to leverage KSES (see examples here) to do so, using a filter. As far as I can figure out, this
add_filter('custom_field_content','wp_filter_kses');
would be the way to go, but the next step -- actually applying that filter to the three custom fields that users will be filling in on the gravity form -- is where I get a little lost. I understand I need a custom function in functions.php -- I'm reasonably capable with that sort of thing -- but hooks and filters still mystify me a bit.
Any help would be much appreciated. I'm pretty sure it's not all that hard, but I can't quite get my head around it.
Thanks!
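One way to connect the `add_filter()` line above to the form fields, as an added example that is not part of the original post. It relies on Gravity Forms' `gform_pre_submission_{form_id}` action; the form ID 1, the field IDs 3, 4 and 5, and the `my_` function name are hypothetical placeholders.

```php
<?php
// Added example for functions.php; not the poster's code.
// Assumptions: form ID 1 and field IDs 3, 4, 5 are placeholders.

// Registering a callback on a custom hook name does nothing by itself.
// The callback only runs when some code calls apply_filters() with the
// same hook name, which the handler below does.
add_filter( 'custom_field_content', 'wp_filter_kses' );

// Gravity Forms fires gform_pre_submission_{form_id} after validation and
// before the entry (and any post created from it) is saved, so values
// cleaned in $_POST here are the values that get stored.
add_action( 'gform_pre_submission_1', 'my_sanitize_custom_fields' );

function my_sanitize_custom_fields( $form ) {
    $field_ids = array( 3, 4, 5 ); // hypothetical IDs of the three fields

    foreach ( $field_ids as $id ) {
        $key = 'input_' . $id;

        // Skip fields that were not submitted, and multi-input fields
        // that arrive as arrays rather than as a single string.
        if ( ! isset( $_POST[ $key ] ) || ! is_string( $_POST[ $key ] ) ) {
            continue;
        }

        // wp_filter_kses() expects slashed input and returns slashed
        // output, which matches how WordPress presents $_POST, so no
        // extra wp_unslash()/wp_slash() round trip is needed.
        $_POST[ $key ] = apply_filters( 'custom_field_content', $_POST[ $key ] );
    }
}

// Sanitising on input does not replace escaping on output. In a template,
// print the stored value through an escaping function, for example:
//   echo esc_html( get_post_meta( get_the_ID(), 'my_meta_key', true ) );
// ('my_meta_key' is a placeholder for the custom field's meta key.)
```

With this in place, swapping `wp_filter_kses` for `wp_filter_nohtml_kses` in the `add_filter()` call strips all HTML from the three fields instead of allowing the default comment-level tags.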