Is my site safe from XSS if I replace all '<' with '<'?
I'm wondering what the bare minimum to make a site safe from
If I simply replace < with < in all user submitted content, will my site be safe from
Depends hugely on context.
Also, encoding less than only isn't that flash of an idea. You should just encode all characters which have special meaning and could be used for XSS...
For a trivial example of where encoding the less than won't matter is something like this...
Welcome to Dodgy Site. Please link to your homepage.
Malicious user enters...
http://www.example.com" onclick="window.location = 'http://nasty.com'; return false;
Which obviously becomes...
<a href="http://www.example.com" onclick="window.location = 'http://nasty.com'; return false;">View user's website</a>
Had you encoded double quotes, that attack would not be valid.