If in the contact form write "My name is sibas <script>"
then says that the form is send it to email! Although is not send any email
by add this line
$name = strlen($name) > 1 ? clean(cleanXSS($name)) : null;
strips the <script> and send as normal the email!
I mean why clean(cleanXSS()) or strip_tags has removed from contact?