Ensure all pid and querystring parameter values are sanitized properly (frontend api)

[jrynhart]

Endpoints were tested for ES code injection, no vulnerabilities found but they should be sanitized properly anyway