X-Cart:Using Active Content
When the 'Allow this provider to use active content on product pages' option on the provider profile page in the admin section is enabled, this provider becomes trusted and can use active content without any validation.
When this option is disabled, the provider is 'untrusted'. When such a provider imports or updates data, the following data from this provider will be filtered to exclude the possibility of an XSS attack:
- product descriptions (including international descriptions);
- extra fields values.
- Product Configurator data
- manufacturers data
- special offer promo texts
When an untrusted provider imports data, all the HTML tags are excluded.
In case the data have already been entered or modified by the admin, and the option 'Allow this provider to use active content on product pages' is disabled (the provider becomes untrusted), data/values of the fields defined above will be filtered before being displayed in the customer area.