The store has the functionality to change the name, phone number and email. The data is sent to my server. I am using API to change account details.
Should I do additional data validation before submitting via the API to avoid the threat of XSS, etc.? I would like to make sure the store is protected. If I have to do additional protection, I would appreciate any advice.