Cross site scripting attacks or XSS are still one of the most common ways to attack a website. If you're not properly sanitizing your inputs then you too could be vulnerable. Thank goodness that Content Security Policy headers came along to offer us a powerful tool to avoid falling pray to these attacks.
Resources
CSP header generator http://cspisawesome.com/