Hi Martin,
Not sure if this is what you need, but there is a function in the Community Commons:
XSSSanitize - Removes all potentially dangerous HTML from a string so that it can be safely displayed in a browser. This function should be applied to all HTML which is displayed in the browser and can be entered by (untrusted) users.