Why Can't We Have Some AntiXss Literal Html Tag
Nowadays I am learning about web security, XSS, etc. As XSS basically targets a client-agent (web browser) by injecting some malicious code that is executed by the web browser as i
Solution 1:
Suppose the contents of the text supplied by the attacker were:
</ltrl>
<script type="text/javascript">alert('You have been xssed');</script>
<ltrl>
The total markup would be:
<ltrl>
</ltrl>
<script type="text/javascript">alert('You have been xssed');</script>
<ltrl>
</ltrl>
and your defence has been trivially breached.
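An added example, not part of the original answer: a simplified model of how a parser would treat the hypothetical `<ltrl>` element, run against the input above, next to the same input encoded for the HTML context. The function names and the parsing model are assumptions made for illustration.

```javascript
// Simplified model (assumption): text is literal only between <ltrl> and the
// FIRST following </ltrl>; everything outside those spans is active markup.
function activeMarkup(html) {
  let active = "";
  let pos = 0;
  while (pos < html.length) {
    const open = html.indexOf("<ltrl>", pos);
    if (open === -1) { active += html.slice(pos); break; }
    active += html.slice(pos, open);
    const close = html.indexOf("</ltrl>", open + "<ltrl>".length);
    if (close === -1) break;            // unterminated: the rest stays literal
    pos = close + "</ltrl>".length;
  }
  return active;
}

// Output encoding for HTML element content: the untrusted text can no longer
// contain a character sequence the parser reads as a tag, closing or otherwise.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, c => map[c]);
}

const wrapLiteral = input => "<ltrl>" + input + "</ltrl>";             // the proposed defence
const wrapEncoded = input => "<ltrl>" + escapeHtml(input) + "</ltrl>"; // encoding does the work

// True if any tag-like sequence ends up outside a literal span.
function containsActiveTag(html) {
  return /<[a-z!\/]/i.test(activeMarkup(html));
}

// Constructed input: the text from the answer above.
const untrusted =
  "</ltrl>\n<script type=\"text/javascript\">alert('You have been xssed');</script>\n<ltrl>";

console.log("literal wrapper only:", containsActiveTag(wrapLiteral(untrusted)));
console.log("encoded first:       ", containsActiveTag(wrapEncoded(untrusted)));
```

Once the text is encoded, the wrapper adds nothing: the encoding is what keeps the input out of the markup.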