As opengeek has mentioned above
, MODx itself sanitizes all the requests trough its index.php gateway, with an option.
What I mean about ’3rd party’ is the part of your scripts that does not belong to MODx (+extras) and your own script.
I’ve never used http://developer.authorize.net/
, but keep your eyes on their security notifications
To simplify your work, you can use some ready-to-use 3rd party classes to sanitize your input.
I’ve used htmLawed
I bet you’re using other scripts for several purposes, like Member Management, or Newsletter.
If you’re using those scripts that you find from internet (like from http://phpclasses.org
), audit the code.
Or, are you asking about the ’webroot’?