I'm having a debate with one of my colleagues over how to prevent an XSS attack through the encoding of specific characters. Will escaping the <
character with <
do the trick?
When I review the attack vector cheat sheet published by OWASP, it seems that all attacks use the <
character as the basis of execution.
If this does not work, what attack would beat it?