Is it feasible to prevent all XSS attacks on the front-end by filtering out <
from user-generated content? This method appears straightforward in disabling harmful code, especially since I currently do not encounter any scenarios where <
needs to be retained. Can this approach effectively thwart all XSS attacks?
My typical method of displaying user content involves rendering it as inner HTML, for example:
<div>{USER CONTENT}</div>