Dangerous tags allowed in infoArray

[webian]

If there are no use cases that need html tags in $infoArray, it is better to not allow any tags.

tt_products/view/class.tx_ttproducts_info_view.php

Line 109 in bb56f05

$allowedTags = '<br><a><b><td><tr><div>';

By instance, allowing A tag, a user could send a malicious link in the note field of an order.

[franzholz]

The shop admin should not click on the links which he receives from the order emails.

However it could be made configurable which tags are allowed for the info fields.