As you can see, XSS attacks are widespread, and many websites suffer from this problem without knowing it. There are other injections attacks, such as SQL injections, that could happen in an API if we don't take minimal security precautions.
