Comments

• Fair points, all. Because it might have more general usefulness in the future, I will follow up with NoScript to see if subpath file:// URI whitelisting is on the roadmap. Thanks for your thoughtful reply! Update: I have started a NoScript fo…

  in NoScript and Zotero NOT working together Comment by royce.williams August 9, 2012
• I'm no security expert, but an HTTP URI isn't the only mechanism by which someone could be tricked into loading a file:// URI. For example, I can easily see a spear phishing attempt where someone was instructed to paste a file:// URI into their bro…

  in NoScript and Zotero NOT working together Comment by royce.williams August 9, 2012
• There are security concerns associated with whitelisting all "file://" URIs. An attacker could deposit a malicious script anywhere on the filesystem and evade NoScript's security. Is there any way to narrow down which files or directories that…

  in NoScript and Zotero NOT working together Comment by royce.williams August 9, 2012