
Adding in site-wide code for third-party tools to Citizen Space, Dialogue or Budget Simulator - our guidance

Louise Cato -

We are occasionally asked if we can embed site-wide code for third-party tools, such as those for web screen reading or analytics. While we understand the use case, we take security very seriously and third-party plug-ins or code applied across the site could risk the security or functionality of our applications.

We strongly advise against having third-party custom code embedded site-wide, as well-meaning configuration changes may result in disruption to service, unforeseen changes to data, or the collection of data which has not been approved. Often these tools are remotely operated, allowing code to be injected into a site, and we have no control over how secure these pieces of software are as they are managed by third parties. If a plug-in is capable of changing the behaviour of our applications (or any website) through use of JavaScript, then this poses a significant risk.

What kind of things could the addition of these tools do?

a) They could prevent normal operation of a system by making unexpected changes (Availability)

b) Depending on how you have them set up and their purpose, they could potentially change your response data or omit some of it (Integrity)

c) They may also be able to read all the content on the page, if this is what they are designed to do - this may be in breach of local data protection regulations (Confidentiality)

As these are third-party tools, we have no control over what they may do when embedded into our software. Depending on the configuration (in most cases set by you or the external company), these may do one or all of the above, and we have no way of knowing what changes they may be making. We are therefore unable to support them.

For all of these reasons we'd ask you to think very carefully indeed before opening up your website to potential risks. If you do still wish us to embed third-party code across your site then we will do so, as the site is yours. However, this will be at your own organisation's risk and will invalidate your SLA with us should it be the cause of any disruption or loss of service/data.

Accessibility

To date, a couple of tools we have been asked to embed have been accessibility-related, and we completely agree with the desire to deliver accessible websites. Our products are all tested for accessibility and are designed to meet W3C WAI WCAG 1.0 & 2.0 Level AA. By following these standards, all our software should be compatible with recent versions of accessibility tools such as screen readers, speech recognition software, operating system accessibility tools such as screen magnifiers, and browser tools such as screen zoom and keyboard navigation - as such, they should not require additional plug-ins or third-party code.

However, we welcome feedback and if anyone is having trouble using any of our products we would like to know so that we can make improvements. Please use the support link at the top of this page to get in touch.

Analytics

If you wish to collect analytics data - rather than using a tool like Google Tag Manager, which allows code to be injected into a site and controlled externally - the use of standard Google Analytics tracking is better for this task. While we cannot recommend you use any analytics tools without proper thought and care, you can find out more information about Google Analytics on the Google website or in these articles we've written to help you:

Using Google Analytics with Citizen Space

Using Google Analytics with Dialogue

Using Google Analytics with Budget Simulator