JoyOfCoding
Include XSS prevention in REST API examples
Even though classes like AirlineServlet do not output HTML, the code really should do something to protect against XSS attacks. It would be a good example.
Here are some ideas from OWASP:
https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html#htmljavascriptcss
Consider using https://owasp.org/www-project-java-html-sanitizer/
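One way the suggestion above could look in a servlet, as an added example that is not code from the JoyOfCoding repository: untrusted request parameters are run through the OWASP Java HTML Sanitizer before being stored or echoed, and the response declares a non-HTML content type. The class name, the `airline` parameter and the use of `javax.servlet` are assumptions.

```java
// Added example, not from the JoyOfCoding repository. Assumes javax.servlet
// and the OWASP Java HTML Sanitizer (package org.owasp.html) on the classpath.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SanitizingAirlineServlet extends HttpServlet {
  // A policy that allows no elements at all: every tag is removed and only
  // text survives. The sanitizer returns HTML-encoded text (e.g. "&" becomes
  // "&amp;"), which is what you want when the value is later placed in HTML.
  private static final PolicyFactory STRIP_ALL_TAGS = new HtmlPolicyBuilder().toFactory();

  // Sanitize a single untrusted value; null stays null so callers can still
  // detect a missing parameter.
  static String sanitize(String untrusted) {
    return untrusted == null ? null : STRIP_ALL_TAGS.sanitize(untrusted);
  }

  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    // "airline" is a hypothetical parameter name for this example.
    String airlineName = sanitize(request.getParameter("airline"));
    if (airlineName == null || airlineName.isEmpty()) {
      response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED,
          "The required parameter \"airline\" is missing");
      return;
    }

    // Declare a plain-text body so a browser will not interpret it as markup,
    // even if some tag slipped past the policy.
    response.setContentType("text/plain");
    response.setCharacterEncoding("UTF-8");
    response.setStatus(HttpServletResponse.SC_OK);

    PrintWriter pw = response.getWriter();
    pw.println("Added airline " + airlineName);
    pw.flush();
  }
}
```

Because the sanitizer's output is HTML-encoded, a JSON or plain-text API that never renders HTML may prefer to validate the value against an allow-list (for example, letters, digits and spaces) and reject anything else instead.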