Is escaping < and> sufficient to block XSS attacks?

Question

I\'m sure that the answer to this question is No, but I can\'t seem to find a way that simply transforming < and > to < and <

Answer 1

No. Here are a couple of examples where escaping <, >, ', " and & is not enough:

Example 1:

XSS Attack:

myUrl = "javascript:alert(1)"

Example 2:

XSS Attack:

myVar = "1;alert(1)"

See https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet for ways of preventing these attacks.