When user put
<script>alert('Hello');</script>
on my site ie on comments section its translated: <script>alert('Hello');</script>
is it enough to avoid xss attack on my site?
If you convert every < to < and every > to >, it will prevent the user to enter any html tag. So it is enough.