Security question for federal agency use of Zotero

I'd like to get Zotero Connector for Chrome whitelisted by my federal agency.
The previous forum conversations on Zotero security for federal agencies were very helpful! My IT folks still have two questions that I could not find the answer to. Hoping the questions make sense:

1) Does the extension make it possible to run JavaScript through CSS?
2) Are click redirects blocked, and if so, how?
  • 1) Does the extension make it possible to run JavaScript through CSS?
    I'm not sure what you're asking here. There exist no conventional ways to run JavaScript from/through/in CSS. CSS stands for Cascading Style Sheets -- a format to describe the styling of a website's elements. If they meant XSS, then as far as we are aware we have no XSS vulnerabilities and design all our software, including the connectors, with security in mind.
    2) Are click redirects blocked, and if so, how?
    The connector does not monitor clicks on any website, except for Google Docs, where it injects custom UI elements to provide the citing capabilities. The connector provides an institutional proxy support function which, when enabled and configured, will redirect users when accessing resources that have been accessed via a proxy in the past. It will also attempt to intercept downloads of citation styles (e.g. from https://www.zotero.org/styles) and suggest installing them directly into Zotero, as well as bibliographic files, such as RIS and BibTeX, and suggest importing them directly into Zotero.
  • Thank you very much. Apologies for the odd questions :)