What is it used for?
Clients are able to write and develop their own script and place it in the Themes > Scripts area to apply it to the ACME Online Checkout website.
In order to protect our platform, we have some security protections in place to block for active scripting that could alter the Online Checkout website behavior. For example, we block <script>, eval(), and document.write() from being entered in this section of Backoffice so that such scripts cannot be executed in the browser. In addition, we have OWASP 10 rules in Cloudflare for the ACME hosted eCommerce site that blocks the code that is dangerous, such as cross site scripting, injecting mechanisms, etc.
Please note that security is a field that evolves continuously; therefore, we recommend that any code to this section be carefully reviewed on your end.
ACME is not responsible for testing, troubleshooting, or supporting the code entered here or the functionality on the ACME Online Checkout website when scripts are used. We recommend anyone using this feature tests in Sandbox and in Production very carefully with change management processes applied first in sandboxes then deployed to production, including running through all of your use cases, ensuring that error messages show correctly, etc.
We have the right to remove the custom script at any point if the site is not working.
Please keep in mind that any updates to the Theme area in Production, including adding, updating, or removing content from the Scripts area, will take approximately 30 minutes to take effect. Updates take effect immediately in the Sandbox environment, so all testing activity should occur there prior to making an update to Production.