When you install FireFox 4, you instantly receive a new security mechanism called Content Security Policy. This mechanism works behind the scenes to prevent some of the more severe web-based attacks against users and websites...

While using Firefox 4 to access our latest project (custom solution based upon the SharePoint 2010 platform in https context), we noticed that we couldn't use the Out-of-the-box and often used Date Time Control

The issue occurs when trying to switch to the next or previous month in the dialog that occurs after clicking on the calendar icon. In detail, the HideUnhide('DatePickerDiv','DatePickerDivP1','20110501'); method wasn't executing as expected.



By using the fire bug plug-in I was able to detect this warning in the console panel after clicking on the next month icon.



the SharePoint DateTime control makes use of an underlying Iframe to display the popup and I think that this might trigger the security guard in FF4 to prevent clickjacking

from developer.mozilla.org

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.

CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content. If the site doesn't offer the CSP header, browsers likewise use the standard same-origin policy.

A secondary goal of CSP is to mitigate clickjacking. Clickjacking happens when a malicious site directs a victim's mouse click to an unintended target in another site. This is typically done by framing the target site's content in a transparent <iframe> element.

CSP lets a site specify which sites may embed resources, thereby helping to prevent this sort of attack.

Note: For security reasons, you can't use the element to configure the X-Content-Security-Policy header.

The policy can be delivered from the server to the client via an HTTP response header or an HTML meta element. Both mechanisms indicates that a resource must have the set of restrictions specified in the policy applied to it by the user-agent while rendering the content.
(https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html)

Note: As soon as we tested the solution I'll update the post...

Overview
This guide walks you through some of the rich features that are available to developers and designers in SharePoint Online in Office 365. It provides an overview of the feature set and extensibility points for SharePoint Online, and a discussion of how to create solutions for this new environment. This guide begins by describing the types of solutions you can build, and then addresses the developer tools for SharePoint 2010, the new platform features, and the solution deployment architecture.

http://www.microsoft.com/downloads/en/d ... c043b9335a

IntelliTrace for 64-bit and SharePoint

IntelliTrace is the revolutionary new debugging technology in Visual Studio 2010 that enables you to move forward and backward through a debug session. However, because of time constraints and because it is a completely new feature, this technology does not work in all scenarios.
http://support.microsoft.com/kb/983509

Visual Studio 2010 SP1 enables the IntelliTrace debugging technology on 64-bit solutions and for Microsoft SharePoint farm solutions.


What is IntelliTrace?
http://blogs.msdn.com/b/habibh/archive/ ... trace.aspx

Example
http://msdn.microsoft.com/en-us/library/gg599007

Project Description
Enables a webpart and a ribbon button that allows you to retrieve the information recorded in the ULS log tagged with a specific correlation ID.

This makes it much easier for SharePoint developers to retrieve the log messages for a specific correlation token.

http://spcorrelationviewwp.codeplex.com/





More information regarding correlation Id's in SharePoint 2010:
http://sharepoint.microsoft.com/Blogs/G ... spx?ID=353
http://www.zimmergren.net/archive/2010/ ... -2010.aspx

As SharePoint developers we aren’t only responsible for creating the functionality business requires, but we are also responsible for the overall quality of the solution we build. This means an ergonomic fluent user interface, code that is suitable for changes and in my opinion one of the most important aspects, a good performance. Most of these topics are described in white papers, best practices and millions of books and blog posts… but wouldn’t it be a pleasure if it was already in the platform?
Yes, indeed! That is why the SharePoint team provided us with the developer dashboard and the SPMonitoredScope class!

How to activate the developer dashboard?
There are several different ways to activate and deactivate the toolbar; it is up to your greater judgment to decide which one seems the most suitable for your situation. By default it is deactivated, so the first step would be the activation. You can do this by using STSADM, PowerShell or C#

STSADM

stsadm -o setproperty -pn developer-dashboard -pv on
stsadm -o setproperty -pn developer-dashboard -pv off
stsadm -o setproperty -pn developer-dashboard -pv OnDemand

PowerShell

Add-PSSnapin Microsoft.SharePoint.Powershell
$dash =[Microsoft.SharePoint.Administration.SPWebService]::ContentService.DeveloperDashboardSettings;
$dash.DisplayLevel = 'OnDemand';
$dash.TraceEnabled = $true;
$dash.Update() 

PowerShell function

function Set-DevDashboard ( [string] $setting ) {
    $dashboardSetting = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.DeveloperDashboardSettings
    Write-Host "Setting Developer Dashboard DisplayLevel to $setting." -ForegroundColor Gray
    switch -exact ($setting) {
        "On" { 
            $dashboardSetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::On
         }
         "OnDemand" {
            $dashboardSetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::OnDemand
         }
         "Off" {
            $dashboardSetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::Off
         }
         Default {
            "Valid settings are On, OnDemand, or Off."
            break
         }
    }
    $dashboardSetting.Update()
} 

How to provide custom traces in developer dashboard?

SPMonitoredScope inherits from IDisposable, so it is better to use it in combination with a using statement.

public class SPMonitoredScope : IDisposable

If you specify the onDemand setting, you receive a link button which displays a button which you can use to toggle the dashboard.

In order to demonstrate how easy it is, I created a new visual web part project and added this code in the page_load method. The code does nothing special, a single thread.sleep to simulate a long running operation and the monitoredscope class around it.

using Microsoft.SharePoint.Utilities;
protected void Page_Load(object sender, EventArgs e)
{
using (SPMonitoredScope GetListsBtnScope = new SPMonitoredScope("tomvangaever_call_1"))
{
Thread.Sleep(2000);
}
}

If we add the web part to the page and open the developer dashboard by using the new icon that appears next to your username, you can see that there is a new message in the dashboard and ULS view:

tomvangaever_call_1 (1999.67 ms)




How to provide the developer dashboard on a custom master page?
In order to provide this functionality on your own master page or custom page, you need 2 components. The first component (SharePoint:DeveloperDashboardLauncher) is the link button that allows you to enable/disable the dashboard. The second component is the dashboard (SharePoint:DeveloperDashboard)control itself.





When should I use it?
I would recommend using the SPMonitoredScope as a best practice around each major code block in your public methods. And while testing your web part you can review (and maybe improve) the performance of your code in detail.
What about sandboxed solutions?
You cannot use SPMonitoredScope in Sandboxed Solutions.

Happy SPCoding !!