Difference between revisions of "X-Cart:Using Active Content"
(Created page with '{{XC Pro}} A provider can use active content (that is unfiltered HTML and Javascript in product descriptions and extra field values and validation Javascript in Product Options).…') |
m |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | {{XC Pro}} | + | {{XC Pro}}{{XC Platinum}} |
− | + | In X-Cart PLATINUM and PRO editions, providers can be allowed to use active content. Active content is unfiltered HTML and Javascript in product descriptions and extra field values and validation Javascript in Product Options. | |
When the <u>'Allow this provider to use active content on product pages'</u> option on the provider profile page in the admin section is enabled, this provider becomes trusted and can use active content without any validation. | When the <u>'Allow this provider to use active content on product pages'</u> option on the provider profile page in the admin section is enabled, this provider becomes trusted and can use active content without any validation. | ||
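Review bot: The added intro sentence chains its items with repeated "and" ("unfiltered HTML and Javascript in product descriptions and extra field values and validation Javascript in Product Options"), so it is unclear where one item ends and the next begins. Suggest splitting it in two, for example "...in product descriptions and extra field values, as well as validation JavaScript in Product Options", and spelling "JavaScript" consistently.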
Line 21: | Line 21: | ||
{{Note1|Important! Enabling/disabling the 'Allow this provider to use active content on product pages' option does not change the data in the products of the providers. Only the provider profile is changed. }} | {{Note1|Important! Enabling/disabling the 'Allow this provider to use active content on product pages' option does not change the data in the products of the providers. Only the provider profile is changed. }} | ||
+ | |||
+ | [[Category:X-Cart user manual]] |
Latest revision as of 17:47, 8 October 2012
In X-Cart PLATINUM and PRO editions, providers can be allowed to use active content. Active content is unfiltered HTML and JavaScript in product descriptions and extra field values, as well as validation JavaScript in Product Options.
When the 'Allow this provider to use active content on product pages' option on the provider profile page in the admin section is enabled, this provider becomes trusted and can use active content without any validation.
When this option is disabled, the provider is 'untrusted'. When such a provider imports or updates data, the following data from this provider will be filtered to exclude the possibility of an XSS attack:
- product descriptions (including international descriptions);
- extra field values;
- Product Configurator data;
- manufacturers data;
- special offer promo texts.
When an untrusted provider imports data, all the HTML tags are excluded.
The validation JavaScript field for Product Options is not displayed to untrusted providers.
If the data have already been entered or modified by the admin and the option 'Allow this provider to use active content on product pages' is then disabled (the provider becomes untrusted), the data/values of the fields listed above will be filtered before being displayed in the customer area.
Validation JavaScript code for Product Options will be ignored.
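
The two filtering points described above (on import and before display in the customer area), modelled as an added example; this is not X-Cart source code, and every function name, array key and sample value in it is hypothetical.

```php
<?php
// Added illustration, not X-Cart source. All names and keys are hypothetical.

// Stand-ins for some of the fields the page lists as filtered.
const FILTERED_FIELDS = ['descr', 'fulldescr', 'extra_field_value'];

// Remove all HTML tags. strip_tags() keeps the text that was inside the tags
// (including script bodies), so the result is still escaped at output time.
function filter_active_content(string $value): string
{
    return trim(strip_tags($value));
}

// Import path: an untrusted provider's row is filtered before it is stored.
function import_product(array $provider, array $row): array
{
    if (empty($provider['trusted'])) {
        foreach (FILTERED_FIELDS as $field) {
            if (isset($row[$field])) {
                $row[$field] = filter_active_content($row[$field]);
            }
        }
        unset($row['validation_js']); // not accepted from untrusted providers
    }
    return $row;
}

// Display path: the provider's current trust flag decides at render time,
// whatever is already stored for the product.
function render_field(array $provider, string $stored): string
{
    if (!empty($provider['trusted'])) {
        return $stored; // active content is emitted as stored
    }
    return htmlspecialchars(filter_active_content($stored), ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a description stored before the option was disabled.
$stored   = '<b>Sale</b><script>track()</script> <img src=x onerror=go()>';
$provider = ['login' => 'provider1', 'trusted' => false];

echo render_field($provider, $stored), PHP_EOL;
print_r(import_product($provider, ['descr' => $stored, 'validation_js' => 'check()']));
```

The script body survives tag stripping as plain text, which is why the display path escapes the filtered value as well.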