@bex: Offhand… I can think of no good reason why a non-trusted user should be allowed to use more than 5-10 safe HTML tags. If I’m wrong, I’d like to see what you think the requirements are.
Name them. I will bet you a contrite apology that someone will add an 11th that they’d want within 5 minutes.