I've been struggling with finding the best way to clean user-contributed posts on submit, for security purposes. Posting with the form will only be available for logged-in users.
Basically, I've got a few custom fields in addition to the normal title/content that is being created on form submit, and I want to make sure that neither malicious users nor bots can inject any Bad Code or tags.
My thinking is that the best way to do this is to leverage KSES (see examples here) to do so, using a filter. As far as I can figure out, this
would be the way to go, but the next step -- actually applying that filter to the three custom fields that users will be filling in on the gravity form -- is where I get a little lost. I understand I need a custom function in functions.php -- I'm reasonably capable with that sort of thing -- but hooks and filters still mystify me a bit.
Any help would be much appreciated. I'm pretty sure it's not all that hard, but my I can't quite get my head around it.