anti-xss
False positive 'abc < abcd'
We conducted a pentest on our software and this was a false positive that came out:
What is this feature about (expected vs actual behaviour)?
If there is a < followed by a-z, it is changed by xss_clean. For example: 'test1 < test2'
becomes: 'test1 < test2'
But 'test1 > test2'
will stay 'test1 > test2'
How can I reproduce it?
<?php
// Reproduction: requires the package installed via Composer.
require __DIR__ . '/vendor/autoload.php';

$test = 'test1 < test2';
$antiXSS = new \voku\helper\AntiXSS();
$testResult = $antiXSS->xss_clean($test);

// The benign comparison string should come back unchanged...
if ($test !== $testResult) {
    echo 'failed';
}

// ...and must not be reported as an XSS finding.
if ($antiXSS->isXssFound()) {
    echo 'false positive';
}
Does it take minutes, hours or days to fix?
I really don't know. If I understood the package better I could maybe write a fix, but I don't know where to start...
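A triage helper for findings like this one, written as an added example (it is not code from the issue or from the anti-xss project): it runs xss_clean over a few constructed plain-text strings and separates cases where the sanitizer only entity-encoded a character from cases where it actually stripped or rewrote content. It assumes the `\voku\helper\AntiXSS` class with the `xss_clean()` and `isXssFound()` methods used above, and that an encoding-only change decodes back to the original input with html_entity_decode().

```php
<?php
// Added example, not part of the issue or the anti-xss package.
require __DIR__ . '/vendor/autoload.php';

/**
 * Classify what xss_clean() did to one input:
 *   'unchanged'          - output identical to input, nothing flagged
 *   'flagged-unchanged'  - flagged although nothing changed
 *   'encoded-only'       - flagged, but decoding the entities restores the input
 *                          (assumption: this is what the '<' + letters case does)
 *   'rewritten'          - flagged and content was removed or altered
 */
function classifyXssClean(string $input): array
{
    $antiXSS = new \voku\helper\AntiXSS(); // fresh instance so isXssFound() is per input
    $output  = $antiXSS->xss_clean($input);
    $flagged = $antiXSS->isXssFound();

    if ($output === $input) {
        $verdict = $flagged ? 'flagged-unchanged' : 'unchanged';
    } elseif (html_entity_decode($output, ENT_QUOTES | ENT_HTML5, 'UTF-8') === $input) {
        $verdict = 'encoded-only';
    } else {
        $verdict = 'rewritten';
    }

    return ['input' => $input, 'output' => $output, 'flagged' => $flagged, 'verdict' => $verdict];
}

// Constructed sample inputs: plain-text comparisons that should never be findings.
$samples = [
    'test1 < test2',
    'test1 > test2',
    'a<b && b<c',
    'price <100',
];

foreach ($samples as $sample) {
    $r = classifyXssClean($sample);
    printf(
        "%-18s flagged=%-3s verdict=%-17s output=%s\n",
        var_export($r['input'], true),
        $r['flagged'] ? 'yes' : 'no',
        $r['verdict'],
        var_export($r['output'], true)
    );
}
```

Anything reported as 'encoded-only' for plain-text input is the kind of case this issue describes: the output is still safe to render, but isXssFound() should not be treated as evidence of an injection attempt.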