First and foremost, this blog is not going away!

I won't be contributing here after this post.

However I will continue my adventures on a new blog at http://www.tomvangaever.be.

Thanks everyone, meet you there?

When you install FireFox 4, you instantly receive a new security mechanism called Content Security Policy. This mechanism works behind the scenes to prevent some of the more severe web-based attacks against users and websites...

While using Firefox 4 to access our latest project (custom solution based upon the SharePoint 2010 platform in https context), we noticed that we couldn't use the Out-of-the-box and often used Date Time Control

The issue occurs when trying to switch to the next or previous month in the dialog that occurs after clicking on the calendar icon. In detail, the HideUnhide('DatePickerDiv','DatePickerDivP1','20110501'); method wasn't executing as expected.



By using the fire bug plug-in I was able to detect this warning in the console panel after clicking on the next month icon.



the SharePoint DateTime control makes use of an underlying Iframe to display the popup and I think that this might trigger the security guard in FF4 to prevent clickjacking

from developer.mozilla.org

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.

CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content. If the site doesn't offer the CSP header, browsers likewise use the standard same-origin policy.

A secondary goal of CSP is to mitigate clickjacking. Clickjacking happens when a malicious site directs a victim's mouse click to an unintended target in another site. This is typically done by framing the target site's content in a transparent <iframe> element.

CSP lets a site specify which sites may embed resources, thereby helping to prevent this sort of attack.

Note: For security reasons, you can't use the element to configure the X-Content-Security-Policy header.

The policy can be delivered from the server to the client via an HTTP response header or an HTML meta element. Both mechanisms indicates that a resource must have the set of restrictions specified in the policy applied to it by the user-agent while rendering the content.
(https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html)

Note: As soon as we tested the solution I'll update the post...

Overview
This guide walks you through some of the rich features that are available to developers and designers in SharePoint Online in Office 365. It provides an overview of the feature set and extensibility points for SharePoint Online, and a discussion of how to create solutions for this new environment. This guide begins by describing the types of solutions you can build, and then addresses the developer tools for SharePoint 2010, the new platform features, and the solution deployment architecture.

http://www.microsoft.com/downloads/en/d ... c043b9335a

IntelliTrace for 64-bit and SharePoint

IntelliTrace is the revolutionary new debugging technology in Visual Studio 2010 that enables you to move forward and backward through a debug session. However, because of time constraints and because it is a completely new feature, this technology does not work in all scenarios.
http://support.microsoft.com/kb/983509

Visual Studio 2010 SP1 enables the IntelliTrace debugging technology on 64-bit solutions and for Microsoft SharePoint farm solutions.


What is IntelliTrace?
http://blogs.msdn.com/b/habibh/archive/ ... trace.aspx

Example
http://msdn.microsoft.com/en-us/library/gg599007

Project Description
Enables a webpart and a ribbon button that allows you to retrieve the information recorded in the ULS log tagged with a specific correlation ID.

This makes it much easier for SharePoint developers to retrieve the log messages for a specific correlation token.

http://spcorrelationviewwp.codeplex.com/





More information regarding correlation Id's in SharePoint 2010:
http://sharepoint.microsoft.com/Blogs/G ... spx?ID=353
http://www.zimmergren.net/archive/2010/ ... -2010.aspx