As opengeek has mentioned above
, MODx itself sanitizes all the requests trough its index.php gateway, with an option.
What I mean about â€™3rd partyâ€™ is the part of your scripts that does not belong to MODx (+extras) and your own script.
Iâ€™ve never used http://developer.authorize.net/
, but keep your eyes on their security notifications
To simplify your work, you can use some ready-to-use 3rd party classes to sanitize your input.
Iâ€™ve used htmLawed
I bet youâ€™re using other scripts for several purposes, like Member Management, or Newsletter.
If youâ€™re using those scripts that you find from internet (like from http://phpclasses.org
), audit the code.
Or, are you asking about the â€™webrootâ€™?