NSS Tools sslstrength
sslstrength summary a simple command-line client which connects to an ssl-server, and reports back the encryption cipher and strength used.
... synopsis 1) sslstrength ciphers 2) sslstrength hostname[:port] [ciphers=xyz] [debug] [verbose] [policy=export|domestic] description the first form simple lists out the possible ciphers.
...the second form attempts to connect to the named ssl host.
...And 4 more matches

NSS Tools sslstrength
sslstrength summary a simple command-line client which connects to an ssl-server, and reports back the encryption cipher and strength used.
... synopsis 1) sslstrength ciphers 2) sslstrength hostname[:port] [ciphers=xyz] [debug] [verbose] [policy=export|domestic] description the first form simple lists out the possible ciphers.
...the second form attempts to connect to the named ssl host.
...And 4 more matches

How to check the security state of an XMLHTTPRequest over SSL - Web APIs
here is a an example javascript function that prints the security details of an xmlhttprequest sent over ssl.
... was the used ssl certificate valid and what are its details (owner, expiration, certificate authority, etc.)?
... by setting the mozbackgroundrequest property of the request object and modifying the example appropriately, you can create your own alert dialog to handle ssl exceptions in your firefox extension or xulrunner application.
...And 4 more matches

ssltyp.html
this page is part of the ssl reference that we are migrating into the format described in the mdn style guide.
... upgraded documentation may be found in the current nss reference selected ssl types and structures chapter 3 selected ssl types and structures this chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them.
...when an application makes a copy of a particular certificate structure that already exists in memory, ssl makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy.
...And 3 more matches

Deprecated SSL functions
the following ssl functions have been replaced with newer versions.
... the deprecated functions are not supported by the new ssl shared libraries.
... applications that want to use the ssl shared libraries must convert to calling the new replacement functions listed below.
...And 2 more matches

nsIDownloadProgressListener
/toolkit/components/downloads/nsidownloadprogresslistener.idlscriptable this interface gives applications and extensions a way to monitor the status of downloads being processed by the download manager.
...this value is a combination of one of the nsiwebprogresslistener.state_transition_flags.
...see nsiwebprogresslistener.onstatechange() for details.
...And 2 more matches

nsISSLErrorListener
security/manager/ssl/public/nsisslerrorlistener.idlscriptable a mechanism to report a broken ssl connection.
... 1.0 66 introduced gecko 1.9 inherits from: nsisupports last changed in gecko 1.9 (firefox 3) note: the recipient of this ssl status notification should not block.
... method overview boolean notifysslerror(in nsiinterfacerequestor socketinfo, in print32 error, in autf8string targetsite); methods notifysslerror() called in case of an ssl error.
...And 2 more matches

nsIWebProgressListener2
an extended version of nsiwebprogresslistener.
... uriloader/base/nsiwebprogresslistener2.idlscriptable please add a summary to this article.
... last changed in gecko 1.9 (firefox 3) inherits from: nsiwebprogresslistener method overview void onprogresschange64(in nsiwebprogress awebprogress, in nsirequest arequest, in long long acurselfprogress, in long long amaxselfprogress, in long long acurtotalprogress, in long long amaxtotalprogress); boolean onrefreshattempted(in nsiwebprogress awebprogress, in nsiuri arefreshuri, in long amillis, in boolean asameuri); methods onprogresschange64() notification that the progress has changed for one of the requests associated with awebprogress.
...this function is identical to nsiwebprogresslistener.onprogresschange(), except that this function supports 64-bit values.

AddressErrors.addressLine - Web APIs
an object based on addresserrors includes an addressline property when validation of the address finds one or more errors in the array of strings in the address's addressline.
... syntax var addresslineerror = addresserrors.addressline; value if an error occurred during validation of the address due to one of the strings in the addressline array having an invalid value, this property is set to a domstring providing a human-readable error message explaining the validation error.
... if the paymentaddress object's addressline property was determined to be valid, this property is not included in the addresserrors dictionary.
... specifications specification status comment payment request apithe definition of 'addresserrors.addressline' in that specification.

Lossless compression - MDN Web Docs Glossary: Definitions of Web-related terms
lossless compression is a class of data compression algorithms that allows the original data to be perfectly reconstructed from the compressed data.
... lossless compression methods are reversible.
... examples of lossless compression include gzip, brotli, webp, and png, lossy compression, on the other hand, uses inexact approximations by discarding some data from the original file, making it an irreversible compression method.

nsISSLSocketControl
netwerk/socket/nsisslsocketcontrol.idlscriptable this interface establishes tls and ssl connections.
... inherits from: nsisupports last changed in gecko 1.9 (firefox 3) method overview void proxystartssl(); void starttls(); attributes attribute type description forcehandshake boolean obsolete since gecko 1.9 notificationcallbacks nsiinterfacerequestor methods proxystartssl() starts an ssl proxy connection.
... void proxystartssl(); parameters none.

PaymentAddress.addressLine - Web APIs
the addressline read-only property of the paymentaddress interface is an array of domstring objects, each specifying a line of the address that is not covered by one of the other properties of paymentaddress.
... syntax var paymentaddresslines = paymentaddress.addressline; value an array of domstring objects, each containing one line of the address.
... for example, the addressline array for the mozilla space in london would have the following entries: example showing addressline entries for an address in london index addressline[] value 0 metal box factory 1 suite 441, 4th floor 2 30 great guildford street these, combined with additional values for other properties of the paymentaddress, would represent the full address, which is: mozilla metal box factory suite 441, 4th floor 30 great guildford street london se1 0hs united kingdom specifications specification status comment payment request apithe definition of 'paymentaddress.addressline' in that specification.

addTabsProgressListener - Archive of obsolete content
« xul reference home addtabsprogresslistener( listener ) return type: no return value add a progress listener to the browser which will monitor loaded documents in all tabs in the tabbed browser.
... the progress listener should be based on the nsiwebprogresslistener interface with an additional "browser" argument as the first argument of every method, which is the browser (not <tabbrowser> = gbrowser) where the event occurred.

removeTabsProgressListener - Archive of obsolete content
« xul reference home removetabsprogresslistener( listener ) return type: no return value removes a progress listener to the browser which has been monitoring all tabs.
... the progress listener should implement the nsiwebprogresslistener interface.

addProgressListener - Archive of obsolete content
« xul reference home addprogresslistener( listener ) return type: no return value add a progress listener to the browser which will monitor loaded documents.
... the progress listener should implement the nsiwebprogresslistener interface.

OpenSSL - MDN Web Docs Glossary: Definitions of Web-related terms
openssl is an open-source implementation of ssl and tls.
... learn more general knowledge openssl on wikipedia official website ...

Secure Sockets Layer (SSL) - MDN Web Docs Glossary: Definitions of Web-related terms
secure sockets layer, or ssl, was the old standard security technology for creating an encrypted network link between a server and client, ensuring all data passed is private and secure.
... the current version of ssl is version 3.0, released by netscape in 1999, and has been superseded by the transport layer security (tls) protocol.

sslkey.html
this page is part of the ssl reference that we are migrating into the format described in the mdn style guide.
...when an application makes a copy of a particular certificate or key structure that already exists in memory, ssl makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy.

removeProgressListener - Archive of obsolete content
« xul reference home removeprogresslistener( listener ) return type: no return value remove a nsiwebprogresslistener from the browser.

Index
applications built with nss can support ssl v3, tls, pkcs #5, pkcs #7, pkcs #11, pkcs #12, s/mime, x.509 v3 certificates, and other security standards.
...nss has an ssl/tls module that implements the secure sockets layer/transport layer security network protocols, an s/mime module that implements cms messaging used by secure email and some instant messaging implementations, a dbm library that implements the classic database storage, and finally a core nss library for the big set of “everything else”.
... that's a good opportunity to talk about ssl/tls connections to servers in general (not just ev, not just websites).
...And 80 more matches

Introduction to Public-Key Cryptography - Archive of obsolete content
public-key cryptography and related standards and techniques underlie the security features of many products such as signed and encrypted email, single sign-on, and secure sockets layer (ssl) communications.
...for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." public-key cryptography is a set of well-established techniques and standards for protecting communications from eavesdropping, tampering, and impersonation attacks.
...client authentication based on certificates is part of the ssl protocol.
...And 37 more matches

Python binding for NSS
nss provides cryptography services supporting ssl, tls, pki, pkix, x509, pkcs*, etc.
... nss is an alternative to openssl and used extensively by major software projects.
... release information release 1.0.1 release date 2017-02-28 scm tag pynss_release_1_0_1 source download https://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/pynss_release_1_0_1/src/ change log add tls 1.3 cipher suites ssl_cipher_info.py now attempts to enable tls 1.3 fix build issue in setup.py.
...And 24 more matches

Image file type and format guide - Web media technologies
compression lossless licensing free and open under the creative commons attribution-sharealike license (cc-by-sa) version 3.0 or later.
... compression several compression methods are supported, including lossy or lossless algorithms licensing covered by the microsoft open specification promise; while microsoft holds patents against bmp, they have published a promise not to assert its patent rights as long as specific conditions are met.
...gif uses the lempel-ziv-welch (lzw) algorithm to losslessly compress 8-bit indexed color graphics.
...And 20 more matches

nsIWebProgress
the nsiwebprogress interface is used to add or remove nsiwebprogresslistener instances to observe the loading of asynchronous requests (usually in the context of a dom window).
...a nsiwebprogresslistener instance receives notifications for the nsiwebprogress instance to which it added itself, and it may also receive notifications from any nsiwebprogress instances that are children of that nsiwebprogress instance.
... last changed in gecko 1.8.0 inherits from: nsisupports method overview void addprogresslistener(in nsiwebprogresslistener alistener, in unsigned long anotifymask); void removeprogresslistener(in nsiwebprogresslistener alistener); attributes attribute type description domwindow nsidomwindow the dom window associated with this nsiwebprogress instance.
...And 19 more matches

NSS 3.35 release notes
new types in sslt.h sslhandshaketype - the type of a tls handshake message.
... for the sslsignaturescheme enum, the enumerated values ssl_sig_rsa_pss_sha* are deprecated in response to a change in tls 1.3.
... please use the equivalent ssl_sig_rsa_pss_rsae_sha* for rsaencryption keys, or ssl_sig_rsa_pss_pss_sha* for pss keys.
...And 18 more matches

NSS environment variables
3.12 nss_ssl_cbc_random_iv string ("0", "1") controls the workaround for the beast attack on ssl 3.0 and tls 1.0.
... nss_ssl_enable_renegotiation string ([0|n|n], [1|u|u], [2|r|r], [3|t|t]) (definition for nss 3.12.6 and above) sets how tls renegotiation is handled [1|u|u]: ssl_renegotiate_unrestricted server and client are allowed to renegotiate without any restrictions.
... [0|n|n]: ssl_renegotiate_never never allow renegotiation - that was the default for 3.12.5 release.
...And 16 more matches

Web audio codec guide - Web media technologies
codec name (short) full codec name container support aac advanced audio coding mp4, adts, 3gp alac apple lossless audio codec mp4, quicktime (mov) amr adaptive multi-rate 3gp flac free lossless audio codec mp4, ogg, flac g.711 pulse code modulation (pcm) of voice frequencies rtp / webrtc g.722 7 khz audio coding within 64 kbps (for telephony/voip) rtp / webrtc mp3 mpeg-1 audio layer iii mp4, adts, mpeg1, 3gp opus opu...
... audio encoder configuration effects on quality and size feature effect on quality effect on size lossless compression no loss of fidelity unlikely to get more than 40-50% compression lossy compression always some loss of fidelity; the higher the compression, the more the loss compression of up to 80-95% possible quality setting the higher the quality, the better the fidelity of the encoded audio the higher the fidelity, the larger the resulting file becomes, tho...
... lossless versus lossy codecs there are two basic categories of audio compression.
...And 16 more matches

NSS functions
ssl functions the public functions listed here are used to configure sockets for communication via the ssl and tls protocols.
... in addition to the functions listed here, applications that support ssl use some of the certificate functions, crypto functions, and utility functions described below on this page.
... other sources of information: the nss_reference documents the functions most commonly used by applications to support ssl.
...And 15 more matches

Mozilla Crypto FAQ - Archive of obsolete content
in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
...encryption export regulations published on january 14, 2000, the release on february 11, 2000, of source code for ssl, s/mime, and general pki functionality for use in the mozilla project, and the "bernstein advisory" issued by the bureau of export administration on february 17, 2000.
...in the near future the mozilla code base will include a complete open source cryptographic library, and mozilla will include ssl support as a standard feature.
...And 14 more matches

Index - MDN Web Docs Glossary: Definitions of Web-related terms
41 brotli brotli, glossary, reference, web performance, compression brotli is a general-purpose lossless compression algorithm.
... 163 gif composing, glossary gif (graphics interchange format) is an image format that uses lossless compression and can be used for animations.
...it uses ssl or tls to encrypt all communication between a client and a server.
...And 14 more matches

MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
"@imap-int.int-evry.fr/templates"); lockpref("mail.identity.id1.tmpl_folder_picker_mode", "0"); lockpref("mail.identity.id1.valid", true); //smtp general lockpref("mail.smtp.defaultserver", "smtp1"); lockpref("mail.smtpserver.smtp1.auth_method", 0); lockpref("mail.smtpserver.smtp1.hostname", "smtp-int.int-evry.fr"); lockpref("mail.smtpserver.smtp1.port", 25); lockpref("mail.smtpserver.smtp1.try_ssl", 0); lockpref("mail.smtpserver.smtp1.username", ""); lockpref("mail.smtpservers", "smtp1"); lockpref("mail.startup.enabledmailcheckonce", true); lockpref("mailnews.quotingprefs.version", 1); lockpref("mailnews.ui.threadpane.version", 5); /* 3) define here (because if set after "4)" below it doesn't work!) processldapvalues which is eventually called by getldapattributes() just below, check get...
...ldapattributes() code from $mozilla_home/defaults/autoconfig/prefcalls.js to see the inside call to "user defined" processldapvalues */ function processldapvalues(values) { if(values) { // set the global var with the values returned from the ldap query ldap_values = values; var uid = getldapvalue(values, "uid"); var cn = getldapvalue(values, "cn"); var mail = getldapvalue(values, "mail"); var url = getldapvalue(values, "labeleduri"); // those ldap variables are only available in this processldapvalues context!
...var env_mozdebug= getenv("mozilla_debug"); if (env_mozdebug) {displayerror("no error, just a debug, cn =" + cn + " and mail = " + mail); } } } // 4) call ldap servers to get ldap attributes (mail & cn), this will finally call processldapvalues, "3)" just above.
...And 13 more matches

NSS 3.12.6 release notes
new in nss 3.12.6 ssl3 & tls renegotiation indication extension (rfc 5746) by default, nss 3.12.6 uses the new tls renegotiation indication extension for tls renegotiation but allows simple ssl/tls connections (without renegotiation) with peers that don't support the tls renegotiation indication extension.
... the behavior of nss for renegotiation can be changed through api function calls, or with the following environment variables: nss_ssl_enable_renegotiation values: [0|n|n]: ssl_renegotiate_never never allow renegotiation - that was the default for 3.12.5 release.
... [1|u|u]: ssl_renegotiate_unrestricted server and client are allowed to renegotiate without any restrictions.
...And 13 more matches

NSS 3.24 release notes
nss 3.24 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_24_rtm/src/ new in nss 3.24 nss 3.24 includes two nss softoken updates, a new function to configure ssl/tls server sockets, and two functions to improve the use of temporary arenas.
... a ssl_configservercert function has been added for configuring ssl/tls server sockets with a certificate and private key.
... use this new function in place of ssl_configsecureserver, ssl_configsecureserverwithcertchain, ssl_setstapledocspresponses, and ssl_setsignedcerttimestamps.
...And 13 more matches

gtstd.html
this page is part of the ssl reference that we are migrating into the format described in the mdn style guide.
... upgraded documentation may be found in the current nss reference getting started with ssl chapter 2 getting started with ssl this chapter describes how to set up your environment, including certificate and key databases.
... ssl, pkcs #11, and the default security databases setting up the certificate and key databases building nss programs ssl, pkcs #11, and the default security databases the basic relationships among the nss libraries are described in introduction to network security services.
...And 13 more matches

A Web PKI x509 certificate primer
generate the key using the following command: openssl genpkey -algorithm rsa -out key.pem -pkeyopt rsa_keygen_bits:2048 2048 is considered secure for the next 4 years.
...generate csr using this command: openssl req -new -key key.pem -days 1096 -extensions v3_ca -batch -out example.csr -utf8 -subj '/cn=www.example.com' this creates a new certificate signing request (csr) that will be valid for 3 years.
...write extensions file by creating a new file with name openssl.ss.cnf with the following contents: basicconstraints = ca:false subjectaltname =dns:www.example.com extendedkeyusage =serverauth 4.
...And 13 more matches

JSS FAQ
my ssl connection is hanging on windows?
... how can i tell which ssl/tls ciphers jss supports?
... how can i debug my ssl connection?
...And 11 more matches

nss tech note3
the list of known seccertusages is short: certusagesslclient ........... an ssl client authentication cert certusagesslserver ........... an ordinary ssl server cert certusagesslserverwithstepup.. an ssl server cert that allows export clients to use strong crypto.
... certusagesslca ............... an intermediate or root ca cert allowed to issue ssl client or ssl server certs or other intermediate ssl ca certs.
... there are 8 key usages: cert_sign crl_sign data_encipherment digital_signature govt_approved key_agreement key_encipherment non_repudiation there are 9 cert types: email email_ca object_signing object_signing_ca ssl_ca ssl_client ssl_server status_responder time_stamp for the cert being checked, the requirements are: cert usage requried key usage required cert type -------------------- -------------------- ----------------------- sslclient: digital_signature; ssl_client; sslserver: key_agreement or key_encipherment; ssl_server; sslserverwithstepup: govt_approved and ssl_server key...
...And 10 more matches

TCP/IP Security - Archive of obsolete content
(tls is the standards-based version of ssl version 3.
... traditionally tls has been used to protect http-based communications and can be used with ssl portal vpns.
... ssl tunnel vpns provide the ability to secure both tcp and udp communications including client/server and other network traffic, and therefore act as network layer vpns.
...And 9 more matches

NSS FAQ
if you want add support for ssl, s/mime, or other internet security standards to your application, you can use network security services (nss) to do so.
... because nss provides complete support for all versions of ssl and tls, it is particularly well-suited for applications that need to communicate with the many clients and servers that already support the ssl protocol.
... how does nss compare to openssl?
...And 9 more matches

nss tech note8
background information on libssl's cache functions and sids nss technical note: 8 27 february 2006 nelson b.
... bolyard here is some background information on libssl's cache functions and sids.
... a sid (or sslsessionid struct) contains all the info needed to restart the ssl session at a later time on another socket.
...And 9 more matches

Index - Archive of obsolete content
561 mozilla crypto faq nss, outdated_articles in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
... 1176 addprogresslistener xul methods, xul reference no summary!
... 1179 addtabsprogresslistener no summary!
...And 8 more matches

NSS reference
initial notes we are migrating the ssl reference into the format described in the mdn style guide.
... the proposed chapters below are based on the chapters of the ssl reference and the categories of functions in nss public functions.
... building and installing nss overview of an nss application based on "overview of an ssl application" in the ssl reference.
...And 8 more matches

TLS Cipher Suite Discovery
to that end, nss's libssl offers a way for applications to discover at run time the set of cipher suites supported by that version of libssl.
... libssl provides enough information about each of the supported cipher suites that the application can construct a display of that information from which the user can choose which cipher suites his application will attempt to use.
... libssl offers a public table of well defined cipher suite numbers.
...And 8 more matches

Web video codec guide - Web media technologies
some lossless codecs do exist, but they are typically used for archival and storage for local playback rather than for use on a network.
...it's also possible to select a lossless form of encoding, which will result in a much larger encoded file but with perfect reproduction of the original video upon decoding.
... video encoder configuration effects on quality and size feature effect on quality effect on size lossless compression no loss of quality lossless compression cannot reduce the overall video size nearly as much as lossy compression; the resulting files are likely to still be too large for general usage.
...And 8 more matches

NSS 3.12.5 release_notes
new in nss 3.12.5 ssl3 & tls renegotiation vulnerability see cve-2009-3555 and us-cert vu#120541 for more information about this security vulnerability.
... all ssl/tls renegotiation is disabled by default in nss 3.12.5.
... if an application depends on renegotiation feature, it can be enabled by setting the environment variable nss_ssl_enable_renegotiation to 1.
...And 7 more matches

NSS 3.28 release notes
new functions in ssl.h ssl_exportearlykeyingmaterial implements a key exporter based on the tls 1.3 early exporter secret.
... this api is equivalent in function to ssl_exportkeyingmaterial, but it can only succeed if 0-rtt was attempted (on the client) or accepted (on the server).
... ssl_sendadditionalkeyshares configures a tls 1.3 client so that it generates additional key shares when sending a clienthello.
...And 7 more matches

inIDOMUtils
inherits from: nsisupports last changed in gecko 22.0 (firefox 22.0 / thunderbird 22.0 / seamonkey 2.19) implemented by: @mozilla.org/inspector/dom-utils;1 as a service: var inidomutils = components.classes["@mozilla.org/inspector/dom-utils;1"] .getservice(components.interfaces.inidomutils); method overview void addpseudoclasslock(in nsidomelement aelement, in domstring apseudoclass); void clearpseudoclasslocks(in nsidomelement aelement); [implicit_jscontext] jsval colornametorgb(in domstring acolorname); nsiarray getbindingurls(in nsidomelement aelement); nsidomnodelist getchildrenfornode(in nsidomnode anode, in boolean ashowinganonymouscontent); unsigned long long getconte...
...n(in nsidomcssstylerule arule); unsigned long getselectorcount(in nsidomcssstylerule arule); astring getselectortext(in nsidomcssstylerule arule, in unsigned long aselectorindex); unsigned long long getspecificity(in nsidomcssstylerule arule, in unsigned long aselectorindex); nsidomfontfacelist getusedfontfaces(in nsidomrange arange); bool haspseudoclasslock(in nsidomelement aelement, in domstring apseudoclass); boolean isignorablewhitespace(in nsidomcharacterdata adatanode); bool isinheritedproperty(in astring apropertyname); void parsestylesheet(in nsidomcssstylesheet asheet, in domstring ainput); void removepseudoclasslock(in nsidomelement aelement, in domstring apseudoclass); astring rgbtocolorname...
... addpseudoclasslock() makes the element take on style properties that would apply if the element had the given pseudo-classes.
...And 7 more matches

tabbrowser - Archive of obsolete content
kgroup, onnewtab, tabmodalpromptshowing properties browsers, cangoback, cangoforward, contentdocument, contenttitle, contentvieweredit, contentviewerfile, contentwindow, currenturi, docshell, documentcharsetinfo, homepage, markupdocumentviewer, securityui, selectedbrowser, selectedtab, sessionhistory, tabcontainer, tabs, visibletabs, webbrowserfind, webnavigation, webprogress methods addprogresslistener, addtab, addtabsprogresslistener,appendgroup, getbrowseratindex, getbrowserindexfordocument, getbrowserfordocument, getbrowserfortab, geticon, getnotificationbox, gettabforbrowser, gettabmodalpromptbox, goback, gobackgroup, goforward, goforwardgroup, gohome, gotoindex, loadgroup, loadonetab, loadtabs, loaduri, loaduriwithflags, movetabto, pintab, reload, reloadalltabs, reloadtab, reloadwit...
...hflags, removealltabsbut, removecurrenttab, removeprogresslistener, removetab, removetabsprogresslistener,replacegroup, selecttabatindex, seticon, showonlythesetabs, stop, unpintab attributes autocompleteenabled type: boolean set to true to enable autocomplete of fields.
...ildnodes(), insertbefore(), isdefaultnamespace(), isequalnode, issamenode, issupported(), lookupnamespaceuri, lookupprefix, normalize(), queryselector(), queryselectorall(), removeattribute(), removeattributenode(), removeattributens(), removechild(), removeeventlistener(), replacechild(), setattribute(), setattributenode(), setattributenodens(), setattributens(), setuserdata addprogresslistener( listener ) return type: no return value add a progress listener to the browser which will monitor loaded documents.
...And 6 more matches

An overview of NSS Internals
nss has an ssl/tls module that implements the secure sockets layer/transport layer security network protocols, an s/mime module that implements cms messaging used by secure email and some instant messaging implementations, a dbm library that implements the classic database storage, and finally a core nss library for the big set of “everything else”.
... that's a good opportunity to talk about ssl/tls connections to servers in general (not just ev, not just websites).
... whenever this document mentions ssl, it refers to either ssl or tls.
...And 6 more matches

NSS tools : certutil
there are three available trust categories for each certificate, expressed in the order ssl, email, object signing for each trust setting.
... in each category position, use none, any, or all of the attribute codes: + p - valid peer + p - trusted peer (implies p) + c - valid ca + t - trusted ca to issue client certificates (implies c) + c - trusted ca to issue server certificates (ssl only) (implies c) + u - certificate can be used for authentication or signing + w - send warning (use with other attributes to include a warning when the certificate is used in that context) the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
... the contexts are the following: · c (as an ssl client) · v (as an ssl server) · l (as an ssl ca) · a (as any ca) · y (verify ca) · s (as an email signer) · r (as an email recipient) · o (as an ocsp status responder) · j (as an object signer) -v valid-months set the number of months a new certificate will be ...
...And 6 more matches

certutil
there are three available trust categories for each certificate, expressed in the order ssl, email, object signing for each trust setting.
... in each category position, use none, any, or all of the attribute codes: o p - valid peer o p - trusted peer (implies p) o c - valid ca o t - trusted ca to issue client certificates (implies c) o c - trusted ca to issue server certificates (ssl only) (implies c) o u - certificate can be used for authentication or signing o w - send warning (use with other attributes to include a warning when the certificate is used in that context) the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
... the contexts are the following: o c (as an ssl client) o v (as an ssl server) o s (as an email signer) o r (as an email recipient) o o (as an ocsp status responder) o j (as an object signer) -v valid-months set the number of months a new certificate will be valid.
...And 6 more matches

JXON - Archive of obsolete content
jxon (lossless javascript xml object notation) is a generic name by which is defined the representation of javascript objects using xml.
...this type of algorithm is still considered lossless, since what is lost is meta-information and not information.
...moreover, all algorithms are equally lossless for the contemplated nodes.
...And 5 more matches

Video and Audio APIs - Learn web development
two addeventlistener() lines below the previous ones: rwd.addeventlistener('click', mediabackward); fwd.addeventlistener('click', mediaforward); now on to the event handler functions — add the following code below your previous functions to define mediabackward() and mediaforward(): let intervalfwd; let intervalrwd; function mediabackward() { clearinterval(intervalfwd); fwd.classlist.remove('active'); if(rwd.classlist.contains('active')) { rwd.classlist.remove('active'); clearinterval(intervalrwd); media.play(); } else { rwd.classlist.add('active'); media.pause(); intervalrwd = setinterval(windbackward, 200); } } function mediaforward() { clearinterval(intervalrwd); rwd.classlist.remove('active'); if(fwd.classlist.contains('active')) ...
...{ fwd.classlist.remove('active'); clearinterval(intervalfwd); media.play(); } else { fwd.classlist.add('active'); media.pause(); intervalfwd = setinterval(windforward, 200); } } you'll notice that first we initialize two variables — intervalfwd and intervalrwd — you'll find out what they are for later on.
...the classlist is a rather handy property that exists on every element — it contains a list of all the classes set on the element, as well as methods for adding/removing classes, etc.
...And 5 more matches

NSS 3.20 release notes
new functions in ssl.h ssl_dhegroupprefset - configure the set of allowed/enabled dhe group parameters that can be used by nss for a server socket.
... ssl_enableweakdheprimegroup - enable the use of weak dhe group parameters that are smaller than default minimum size of the library.
... new types in sslt.h ssldhegrouptype - enumerates the set of dhe parameters embedded in nss that can be used with function ssl_dhegroupprefset new macros in ssl.h ssl_enable_server_dhe - a socket option user to enable or disable dhe ciphersuites for a server socket notable changes in nss 3.20 the tls library has been extended to support dhe ciphersuites in server applications.
...And 5 more matches

NSS API Guidelines
same level as ssl lib/crmf cmmf.h, crmf.h, crmft.h, cmmft.h, crmffut.h cryptohi provides high-level cryptographic support operations: such as signing, verifying signatures, key generation, key manipulation, hashing; and data types.
... pkcs #11: implementation lib/softoken keydbt.h, keylow.h, keytboth.h, keytlow.h, secpkcs5.h, pkcs11.h, pkcs11f.h, pkcs11p.h, pkcs11t.h, pkcs11u.h ssl provides an implementation of the ssl protocol using nss and nspr.
... ssl lib/ssl ssl.h, sslerr.h, sslproto.h, preenc.h secutil provides utility functions and data types used by other libraries.
...And 5 more matches

Index
567 nsidownloadprogresslistener interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference to use simply implement this interface in your code, then call nsidownloadmanager.addlistener() to start listening.
...to create an instance, use: 610 nsifeedprogresslistener interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference called after each entry or item is processed.
... 875 nsisslerrorlistener interfaces, interfaces:scriptable, xpcom, xpcom interface reference called in case of an ssl error.
...And 5 more matches

Media container formats (file types) - Web media technologies
codec name (short) full codec name browser compatibility1 3gp third generation partnership firefox for android adts audio data transport stream firefox2 flac free lossless audio codec chrome 56, edge 16, firefox 51, safari 11 mpeg / mpeg-2 moving picture experts group (1 and 2) — mpeg-4 (mp4) moving picture experts group 4 chrome 3, edge 12, firefox, internet explorer 9, opera 24, safari 3.1 ogg ogg chrome 3, firefox 3.5, edge 173 (desktop only), internet explorer 9, opera 10.50 quicktime (mov) apple ...
... flac the free lossless audio codec (flac) is a lossless audio codec; there is also an associated simple container format, also called flac, that can contain this audio.
... no mpeg-4 part 2 visual no motion jpeg no sorenson video 2 no sorenson video 3 no audio codecs supported by quicktime codec browser support chrome edge firefox safari aac no alaw 2:1 no apple lossless (alac) no he-aac no mpeg-1 audio layer iii (mp3) no microsoft adpcm no µ-law 2:1 (u-law) no wave (wav) the waveform audio file format (wave), usually referred to simply as wav due to its filename extension being .wav, is a format developed by microsoft and ibm to store audio ...
...And 5 more matches

Progress Listeners - Archive of obsolete content
progress listeners implement the nsiwebprogresslistener interface.
... example create an object which implements nsiwebprogresslistener: const state_start = ci.nsiwebprogresslistener.state_start; const state_stop = ci.nsiwebprogresslistener.state_stop; var mylistener = { queryinterface: xpcomutils.generateqi(["nsiwebprogresslistener", "nsisupportsweakreference"]), onstatechange: function(awebprogress, arequest, aflag, astatus) { // if you use mylistener for mor...
... // for definitions of the remaining functions see related documentation onprogresschange: function(awebprogress, arequest, curself, maxself, curtot, maxtot) {}, onstatuschange: function(awebprogress, arequest, astatus, amessage) {}, onsecuritychange: function(awebprogress, arequest, astate) {} } attach the progress listener to a <browser> or a <tabbrowser> element using addprogresslistener, for example for firefox put the following code in a load listener of a main window: gbrowser.addprogresslistener(mylistener); when used with a browser, the second argument is a mask which determines the type of events that will be received.
...And 4 more matches

Gecko Compatibility Handbook - Archive of obsolete content
(related article) connecting to a secure site fails, but connects in internet explorer the web server does not properly implement the fall back negotiation for ssl.
... the web server administrator needs to upgrade the ssl software.
... in order to use a site with a defective implementation of ssl, visitors need to disable tls in their netscape 6/7 or mozilla browser until the site has upgraded to software that correctly implements ssl.
...And 4 more matches

4.3.1 Release Notes
release date: 2009-12-02 introduction network security services for java (jss) 4.3.1 is a minor release with the following new features: support for ssl3 & tls renegotiation vulnerablity support to explicitly set the key usage for the generated private key jss 4.3.1 is tri-licensed under mpl 1.1/gpl 2.0/lgpl 2.1.
... ssl3 & tls renegotiation vulnerability see cve-2009-3555 and us-cert vu#120541 for more information about this security vulnerability.
... all ssl/tls renegotiation is disabled by default in nss 3.12.5 and therefore will be disabled by default with jss 4.3.1.
...And 4 more matches

NSS_3.12_release_notes.html
tls session ticket extension (off by default) see ssl_enable_session_tickets in ssl.h new ssl error codes (see sslerr.h) ssl_error_unsupported_extension_alert ssl_error_certificate_unobtainable_alert ssl_error_unrecognized_name_alert ssl_error_bad_cert_status_response_alert ssl_error_bad_cert_hash_value_alert ssl_error_rx_unexpected_new_session_ticket ssl_error_rx_malformed_new_session_ticket new tls cipher suites (see sslproto.h): tls_rsa_wit...
... bug 354403: nsslist_createiterator returns pointer to a freed memory if the function fails to allocate a lock bug 399236: pkix wrapper must print debug output into stderr bug 399300: pkix error results not freed after use.
...bug 402114: fix the incorrect function prototypes of ssl handshake callbacks bug 402308: fix miscellaneous compiler warnings in nss/cmd bug 402777: lib/util can't be built stand-alone.
...And 4 more matches

Overview of NSS
open source crypto libraries proven application security architecture if you want to add support for ssl, s/mime, or other internet security standards to your application, you can use network security services (nss) to implement all your security features.
... server products from red hat: red hat directory server, red hat certificate system, and the mod_nss ssl module for the apache web server.
... suse linux enterprise server supports nss and the mod_nss ssl module for the apache web server.
...And 4 more matches

pkfnc.html
this page is part of the ssl reference that we are migrating into the format described in the mdn style guide.
...this pointer is set with ssl_setpkcs11pinarg during ssl configuration.
... to retrieve its current value, use ssl_revealpinarg.
...And 4 more matches

nsIDownloadManager
ager;1"] .getservice(components.interfaces.nsidownloadmanager); method overview nsidownload adddownload(in short adownloadtype, in nsiuri asource, in nsiuri atarget, in astring adisplayname, in nsimimeinfo amimeinfo, in prtime astarttime, in nsilocalfile atempfile, in nsicancelable acancelable, in boolean aisprivate); void addlistener(in nsidownloadprogresslistener alistener); void canceldownload(in unsigned long aid); void cleanup(); void endbatchupdate(); obsolete since gecko 1.9.1 void flush(); obsolete since gecko 1.8 nsidownload getdownload(in unsigned long aid); void onclose(); obsolete since gecko 1.9.1 void open(in nsidomwindow aparent, in nsidownload adownload); obsolete since ...
...1.9.1 void openprogressdialogfor(in nsidownload adownload, in nsidomwindow aparent, in boolean acanceldownloadonclose); obsolete since gecko 1.9.1 void pausedownload(in unsigned long aid); void removedownload(in unsigned long aid); void removedownloadsbytimeframe(in long long abegintime, in long long aendtime); void removelistener(in nsidownloadprogresslistener alistener); void resumedownload(in unsigned long aid); void retrydownload(in unsigned long aid); void savestate(); obsolete since gecko 1.8 void startbatchupdate(); obsolete since gecko 1.9.1 attributes attribute type description activedownloadcount long the number of files currently being downloaded.
... listener nsidownloadprogresslistener the download manager's progress listener.
...And 4 more matches

Index - Web APIs
30 addresserrors.addressline api, addresserrors, error, payment request, payment request api, property, reference, validation, addressline, payment an object based on addresserrors includes an addressline property when validation of the address finds one or more errors in the array of strings in the address's addressline.
...such a set is returned by element.classlist, htmllinkelement.rellist, htmlanchorelement.rellist, htmlareaelement.rellist, htmliframeelement.sandbox, or htmloutputelement.htmlfor.
... 1101 element.classlist api, dom, element, property, read-only, reference the element.classlist is a read-only property that returns a live domtokenlist collection of the class attributes of the element.
...And 4 more matches

Downloading Files - Archive of obsolete content
var privacy = privatebrowsingutils.privacycontextfromwindow(aurlsourcewindow); var progresselement = document.getelementbyid("progress_element"); persist.progresslistener = { onprogresschange: function(awebprogress, arequest, acurselfprogress, amaxselfprogress, acurtotalprogress, amaxtotalprogress) { var percentcomplete = math.round((acurtotalprogress / amaxtotalprogress) * 100); progresselement.textcontent = percentcomplete +"%"; }, onstatechange: function(awebprogress, arequest, astateflags, astatus) { // do something } } persist.saveu...
...ri(obj_uri, null, null, null, "", targetfile, privacy); downloading files that require credentials before calling nsiwebbrowserpersist.saveuri(), you need to set the progresslistener property of the nsiwebbrowserpersist instance to an object that implements nsiauthprompt.
...var privacy = privatebrowsingutils.privacycontextfromwindow(urlsourcewindow); var hardcodedusername = "ericjung"; var hardcodedpassword = "foobar"; persist.progresslistener = { queryinterface: xpcomutils.generateqi(["nsiauthprompt"]), // implements nsiauthprompt prompt: function(dialogtitle, text, passwordrealm, savepassword, defaulttext, result) { result.value = hardcodedpassword; return true; }, promptpassword: function(dialogtitle, text, passwordrealm, savepassword, pwd) { pwd.value = hardcodedpassword; return true; }, prompt...
...And 3 more matches

Listening to events in Firefox extensions - Archive of obsolete content
both browser and tabbrowser elements support the following: var progresslistener = { // add nsiwebprogressimplementation here } b.addprogresslistener(progresslistener); where b is the browser or tabbrowser you want to listen to events for.
...in order to listen to events from all browsers, including those not currently being displayed, the following example can be used: var tabsprogresslistener = { // add tabs progress listener implementation here } gbrowser.addtabsprogresslistener(tabsprogresslistener); this lets you receive events related to all tabs.
... xulbrowserwindow xulbrowserwindow is an nsiwebprogresslistener used to get progress events for the currently visible browser.
...And 3 more matches

Intercepting Page Loads - Archive of obsolete content
webprogresslisteners when used in the chrome, this is a more sophisticated way of intercepting and modifying the various stages in page loads.
...here's a code sample that keeps track of your progress listeners for all tabs: init : function() { gbrowser.browsers.foreach(function (browser) { this._toggleprogresslistener(browser.webprogress, true); }, this); gbrowser.tabcontainer.addeventlistener("tabopen", this, false); gbrowser.tabcontainer.addeventlistener("tabclose", this, false); }, uninit : function() { gbrowser.browsers.foreach(function (browser) { this ._toggleprogresslistener(browser.webprogress, false); }, this); gbrowser.tabcontainer.removeeventlistener("tabopen", this, false)...
...; gbrowser.tabcontainer.removeeventlistener("tabclose", this, false); }, handleevent : function(aevent) { let tab = aevent.target; let webprogress = gbrowser.getbrowserfortab(tab).webprogress; this._toggleprogresslistener(webprogress, ("tabopen" == aevent.type)); }, _toggleprogresslistener : function(awebprogress, aisadd) { if (aisadd) { awebprogress.addprogresslistener(this, awebprogress.notify_all); } else { awebprogress.removeprogresslistener(this); } } this shouldn't be too hard to follow.
...And 3 more matches

Tamarin build documentation - Archive of obsolete content
if you have trouble starting the app try this: $ export android_swt=$android_build_top/android-sdk-mac_86/tools/lib/x86_64 where $android_build_top is the full path to your sdk/ndk top folder - get the openssl-0.9.8r.tar (openssl-1.0.0c.tar.gz won't work) openssl files from http://www.openssl.org (use the source link on the left).
... unzip the file and put the /openssl main folder under your sdk/ndk top folder.
... make sure its name is just "openssl".
...And 3 more matches

How to build custom form controls - Learn web development
window.addeventlistener("load", function () { document.body.classlist.remove("no-widget"); document.body.classlist.add("widget"); }); without js with js check out the source code note: if you really want to make your code generic and reusable, instead of doing a class switch it's far better to just add the widget class to hide the <select> elements, and to dynamically add the dom tree representing the custom cont...
...the features we plan to use are the following: classlist addeventlistener() foreach queryselector() and queryselectorall() beyond the availability of those specific features, there is still one issue remaining before starting.
... // this function will be used each time we want to deactivate a custom control // it takes one parameter // select : the dom node with the `select` class to deactivate function deactivateselect(select) { // if the control is not active there is nothing to do if (!select.classlist.contains('active')) return; // we need to get the list of options for the custom control var optlist = select.queryselector('.optlist'); // we close the list of option optlist.classlist.add('hidden'); // and we deactivate the custom control itself select.classlist.remove('active'); } // this function will be used each time the user wants to (de)activate the control // it takes ...
...And 3 more matches

Introduction to automated testing - Learn web development
commercial cross-browser testing apps like lambdatest, sauce labs, browserstack, and testingbot are based on selenium, but allow you to access their set up remotely using a simple interface, saving you the hassle of setting up your own testing system.
...a reasonable set of basic functionalities to run on our project is as follows: html-tidy, css-lint, and js-hint to lint and report/fix common html/css/js errors (see gulp-htmltidy, gulp-csslint, gulp-jshint).
... autoprefixer and css-lint install using the following lines: npm install --save-dev gulp-autoprefixer npm install --save-dev gulp-csslint add the following dependencies to gulpfile.js: const autoprefixer = require('gulp-autoprefixer'); const csslint = require('gulp-csslint'); add the following test to the bottom of gulpfile.js: function css(cb) { return gulp.src('src/style.css') .pipe(csslint()) .pipe(csslint.formatter('compact')) .pipe(autoprefixer({ browsers: ['last 5 versions'...
...And 3 more matches

NSS Key Log Format
you can tell wireshark where to find the key file via edit→preferences→protocols→ssl→(pre)-master-secret log filename.
... key logging is enabled by setting the environment variable sslkeylogfile to point to a file.
... note: starting with nss 3.24 (used by firefox 48 and 49 only), the sslkeylogfile approach is disabled by default for optimized builds using the makefile (those using gyp via build.sh are not affected).
...And 3 more matches

NSS 3.14 release notes
these functions are intended to replace the now-deprecated use of the ssl_enable_ssl3 and ssl_enable_tls socket options.
... the following functions have been added to the libssl library included in nss 3.14 ssl_versionrangeget (in ssl.h) ssl_versionrangegetdefault (in ssl.h) ssl_versionrangegetsupported (in ssl.h) ssl_versionrangeset (in ssl.h) ssl_versionrangesetdefault (in ssl.h) to better ensure interoperability with peers that support tls 1.1, nss has altered how it handles certain ssl protocol layer events.
... the following functions have been added to the libssl library included in nss 3.14: dtls_importfd (in ssl.h) dtls_gethandshaketimeout (in ssl.h) ssl_getsrtpcipher (in ssl.h) ssl_setrtpciphers (in ssl.h) support for aes-gcm support for aes-gcm has been added to the nss pkcs #11 module (softoken), based upon the draft 7 of pkcs #11 v2.30.
...And 3 more matches

NSS 3.15 release notes
tls client applications may enable this via a call to ssl_optionsetdefault(ssl_enable_ocsp_stapling, pr_true); added function secitem_reallocitemv2.
... new functions in ssl.h ssl_peerstapledocspresponse - returns the server's stapled ocsp response, when used with a tls client socket that negotiated the status_request extension.
... ssl_setstapledocspresponses - set's a stapled ocsp response for a tls server socket to return when clients send the status_request extension.
...And 3 more matches

NSS PKCS11 Functions
this pointer is set with ssl_setpkcs11pinarg during ssl configuration.
... to retrieve its current value, use ssl_revealpinarg.
...this pointer is set with ssl_setpkcs11pinarg during ssl configuration.
...And 3 more matches

NSS_3.12.3_release_notes.html
nss_use_shexp_in_cert_name boolean (any non-empty value to enable) tells nss to allow shell-style wildcard patterns in certificates to match ssl server host names.
...en ckm_seed_ecb ckm_seed_cbc ckm_seed_mac ckm_seed_mac_general ckm_seed_cbc_pad ckm_seed_ecb_encrypt_data ckm_seed_cbc_encrypt_data in secmod.h: public_mech_seed_flag in secmodt.h: secmod_seed_flag in secoidt.h: sec_oid_seed_cbc in sslproto.h: tls_rsa_with_seed_cbc_sha in sslt.h: ssl_calg_seed new structure for seed support: (see blapit.h) seedcontextstr seedcontext new functions in the nss shared library: cert_rfc1485_escapeandquote (see cert.h) cert_comparec...
... bug 426413: audit messages need distinct types bug 438870: free freebl hashing code of dependencies on nspr and libutil bug 439115: db merge allows nickname conflicts in merged db bug 439199: sse2 instructions for bignum are not implemented on windows 32-bit bug 441321: tolerate incorrect encoding of dsa signatures in ssl 3.0 handshakes bug 444404: libpkix reports unknown issuer for nearly all certificate errors bug 452391: certutil -k incorrectly reports ec private key as an orphan bug 453234: support for seed cipher suites to tls rfc4010 bug 453364: improve pk11_cipherop error reporting (was: pk11_createcontextbysymkey returns null bug 456406: slot list leaks in symkeyutil bug 461085: rfe: export fun...
...And 3 more matches

NSS Tools certutil
there are three available trust categories for each certificate, expressed in this order: "ssl ,email ,object signing ".
... in each category position use zero or more of the following attribute codes: p prohibited (explicitly distrusted) p trusted peer c valid ca t trusted ca to issue client certificates (implies c) c trusted ca to issue server certificates (ssl only) (implies c) u certificate can be used for authentication or signing w send warning (use with other attributes to include a warning when the certificate is used in that context) the attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks.
...the contexts are the following: c (as an ssl client) v (as an ssl server) s (as an email signer) r (as an email recipient) -v valid-months set the number of months a new certificate will be valid.
...And 3 more matches

nsIBadCertListener2
security/manager/ssl/public/nsibadcertlistener2.idlscriptable this interface is used to is report a broken ssl status.
... it can also be used to obtain the ssl handshake status of a connection that will be canceled because of improper certificate status.
...method overview boolean notifycertproblem(in nsiinterfacerequestor socketinfo, in nsisslstatus status, in autf8string targetsite); methods notifycertproblem() called in case of a broken ssl status.
...And 3 more matches

Digital audio concepts - Web media technologies
lossy vs lossless compression if loss of detail and potentially fidelity is unacceptable or undesirable, a lossless codec is preferred.
...generally, lossy compression results in significantly smaller output than lossless compression methods; also, many lossy codecs are excellent, with the loss in quality and detail being difficult or even impossible for the average listener to discern.
...whereas lossless compression algorithms usually manage no better than a 40-50% of the size of the original, uncompressed sound data, modern lossy compression algorithms can reduce the size of the audio to between 5-20% of the original size, depending on the complexity of the audio.
...And 3 more matches

JavaScript crypto - Archive of obsolete content
web sites which use ssl clientauth login could use the following code to refresh the page on token insertions and removals: <!doctype html> <p>...
... cipherflags a bit vector indicating all ssl or s/mime cipher functions supported by the module (see below).
...the ssl session cache is also cleared (from firefox 1.5 upward).
...And 2 more matches

Encryption and Decryption - Archive of obsolete content
symmetric-key encryption plays an important role in the ssl protocol, which is widely used for authentication, tamper detection, and encryption over tcp/ip networks.
... ssl also uses techniques of public-key encryption, which is described in the next section.
...this is the approach used by the ssl protocol.
...And 2 more matches

NSS 3.15.1 release notes
new types in sslprot.h ssl_library_version_tls_1_2 - the protocol version of tls 1.2 on the wire, value 0x0303.
... in sslerr.h ssl_error_unsupported_hash_algorithm, ssl_error_digest_failure, ssl_error_incorrect_signature_algorithm - new error codes for tls 1.2.
... in sslt.h ssl_hmac_sha256 - a new value in the sslmacalgorithm enum type.
...And 2 more matches

NSS 3.15.4 release notes
bug 919877 - (cve-2013-1740) when false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from pr_recv new in nss 3.15.4 new functionality implemented ocsp querying using the http get method, which is the new default, and will fall back to the http post method.
... new functions cert_forcepostmethodforocsp cert_getsubjectnamedigest cert_getsubjectpublickeydigest ssl_peercertificatechain ssl_recommendedcanfalsestart ssl_setcanfalsestartcallback new types cert_rev_m_force_post_method_for_ocsp: when this flag is used, libpkix will never attempt to use the http get method for ocsp requests; it will always use post.
...notable changes in nss 3.15.4 reordered the cipher suites offered in ssl/tls client hello messages to match modern best practices.
...And 2 more matches

NSS 3.21 release notes
in ssl.h ssl_getpreliminarychannelinfo - obtains information about a tls channel prior to the handshake being completed, for use with the callbacks that are invoked during the handshake ssl_signatureprefset - configures the enabled signature and hash algorithms for tls ssl_signatureprefget - retrieves the currently configured signature and hash algorithms ssl_signaturemaxcount - obtains t...
...he maximum number signature algorithms that can be configured with ssl_signatureprefset in utilpars.h nssutil_argparsemodulespecex - takes a module spec and breaks it into shared library string, module name string, module parameters string, nss specific parameters string, and nss configuration parameter strings.
... new types in pkcs11t.h ck_tls12_master_key_derive_params{_ptr} - parameters {or pointer} for ckm_tls12_master_key_derive ck_tls12_key_mat_params{_ptr} - parameters {or pointer} for ckm_tls12_key_and_mac_derive ck_tls_kdf_params{_ptr} - parameters {or pointer} for ckm_tls_kdf ck_tls_mac_params{_ptr} - parameters {or pointer} for ckm_tls_mac in sslt.h sslhashtype - identifies a hash function sslsignatureandhashalg - identifies a signature and hash function sslpreliminarychannelinfo - provides information about the session state prior to handshake completion new macros in nss.h nss_rsa_min_key_size - used with nss_optionset and nss_optionget to set or get the minimum rsa key size nss_dh_min_key_size - used wit...
...And 2 more matches

NSS 3.45 release notes
notable changes in nss 3.45 bug 1540403 - implement delegated credentials (draft-ietf-tls-subcerts) this adds a new experimental function: ssl_delegatecredential note: in 3.45, selfserv does not yet support delegated credentials.
... note: in 3.45 the sslchannelinfo is left unmodified, while an upcoming change in 3.46 will set sslchannelinfo.authkeybits to that of the delegated credential for better policy enforcement.
...9 - replace arm32 curve25519 implementation with one from fiat-crypto bug 1551129 - support static linking on windows bug 1552262 - expose a function pk11_findrawcertswithsubject for finding certificates with a given subject on a given slot bug 1546229 - add ipsec ike support to softoken bug 1554616 - add support for the elbrus lcc compiler (<=1.23) bug 1543874 - expose an external clock for ssl this adds new experimental functions: ssl_settimefunc, ssl_createantireplaycontext, ssl_setantireplaycontext, and ssl_releaseantireplaycontext.
...And 2 more matches

NSPR functions
however, a small number of nspr functions are required for using the certificate verification and ssl functions in nss.
... pr_now interval time the nspr socket i/o functions pr_recv and pr_send (used by the nss ssl functions) take a printervaltime timeout parameter.
... the ssl library in nss implements the ssl protocol as an nspr i/o layer, which sits on top of another nspr i/o layer that represents tcp.
...And 2 more matches

Network Security Services
applications built with nss can support ssl v3, tls, pkcs #5, pkcs #7, pkcs #11, pkcs #12, s/mime, x.509 v3 certificates, and other security standards.
... introduction to ssl introduces the ssl protocol, including information about cryptographic ciphers supported by ssl and the steps involved in the ssl handshake.
... nss ssl public functions summarizes the ssl apis exported by the nss shared libraries.
...And 2 more matches

XPCOM Interface Reference by grouping
leunicodeconverter nsiscripterror nsiscripterror2 stylesheet nsistylesheetservice url nsiuri nsiurl util nsidomserializer nsidomxpathevaluator nsidomxpathexception nsidomxpathexpression nsidomxpathresult xslt nsixsltexception nsixsltprocessor download nsidownload nsidownloadmanager nsidownloadprogresslistener element internal nsiworker nsiworkerglobalscope nsiworkermessageevent nsiworkermessageport nsiworkerscope tree nsitreeboxobject nsitreecolumn nsitreecolumns nsitreecontentview nsitreeselection nsitreeview xform nsixformsmodelelement nsixformsnsinstanceelement nsixformsnsmodelelement xmlhttprequest ...
...sijetpackservice offlinestorage nsiapplicationcache nsiapplicationcachechannel nsiapplicationcachecontainer nsiapplicationcachenamespace nsiapplicationcacheservice places nsiannotationobserver rss feed nsifeed nsifeedcontainer nsifeedelementbase nsifeedentry nsifeedgenerator nsifeedperson nsifeedprocessor nsifeedprogresslistener nsifeedresult nsifeedresultlistener nsifeedtextconstruct script mozijssubscriptloader storage mozistoragevacuumparticipant util nsieffectivetldservice worker nsiabstractworker data nsiarray nsicategorymanager nsicollection nsidictionary nsimutablearray nsisimpleenumerator nsisupportschar nsi...
... nsiauthpromptwrapper nsiasyncverifyredirectcallback content nsicontentpolicy credentials nsilogininfo nsiloginmanager using nsiloginmanager nsiloginmanagerstorage nsiloginmetainfo history nsiglobalhistory nsiglobalhistory2 nsiglobalhistory3 ssl nsibadcertlistener2 system action nsicancelable application application nsiapplicationupdateservice nsiappshell nsiappshellservice nsiappstartup xul nsixulappinfo nsixulruntime ...
...And 2 more matches

Index - Archive of obsolete content
445 addprogresslistener xul methods, xul reference no summary!
... 448 addtabsprogresslistener no summary!
... 562 removeprogresslistener xul methods, xul reference no summary!
... 565 removetabsprogresslistener xul methods, xul reference no summary!

browser - Archive of obsolete content
linkhandler, homepage, showcaret, src, type properties accessibletype, cangoback, cangoforward, contentdocument, contentprincipal, contenttitle, contentvieweredit, contentviewerfile, contentwindow, currenturi, docshell, documentcharsetinfo, homepage, markupdocumentviewer, messagemanager, preferences, securityui, sessionhistory, webbrowserfind, webnavigation, webprogress methods addprogresslistener, goback, goforward, gohome, gotoindex, loaduri, loaduriwithflags, reload, reloadwithflags, removeprogresslistener, stop, swapdocshells examples <!-- shows mozilla homepage inside a groupbox --> <groupbox flex="1"> <caption label="mozilla homepage"/> <browser type="content" src="http://www.mozilla.org" flex="1"/> </groupbox> attributes autocompleteenabled type: boolean ...
...dnodes(), insertbefore(), isdefaultnamespace(), isequalnode, issamenode, issupported(), lookupnamespaceuri, lookupprefix, normalize(), queryselector(), queryselectorall(), removeattribute(), removeattributenode(), removeattributens(), removechild(), removeeventlistener(), replacechild(), setattribute(), setattributenode(), setattributenodens(), setattributens(), setuserdata addprogresslistener( listener ) return type: no return value add a progress listener to the browser which will monitor loaded documents.
... the progress listener should implement the nsiwebprogresslistener interface.
... removeprogresslistener( listener ) return type: no return value remove a nsiwebprogresslistener from the browser.

Security - Archive of obsolete content
decryption is the process of transforming encrypted information so that it is intelligible again.introduction to public-key cryptographypublic-key cryptography and related standards and techniques underlie the security features of many products such as signed and encrypted email, single sign-on, and secure sockets layer (ssl) communications.
...for an overview of ssl, see "introduction to ssl." for an overview of encryption and decryption, see "encryption and decryption." information on digital signatures is available from "digital signatures." introduction to sslthis document introduces the secure sockets layer (ssl) protocol.
... ssl has been universally accepted on the world wide web for authenticated and encrypted communication between clients and servers.nspr release engineering guidethis paper is for engineers performing formal release for the netscape portable runtime (nspr) across all platforms.ssl and tlsthe secure sockets layer (ssl) and transport layer security (tls) protocols are universally accepted standards for authenticated and encrypted communication between clients and servers.
... both client and server authentication occur over ssl/tls.

Listening to events on all tabs
adding a listener to listen to progress events on all tabs, call the browser's addtabsprogresslistener() method: gbrowser.addtabsprogresslistener(myprogresslistener); myprogresslistener is an object that implements the callbacks used to provide notifications of progress events.
... removing a listener to remove a previously installed progress listener, call removetabsprogresslistener(): gbrowser.removetabsprogresslistener(myprogresslistener); implementing a listener the listener object itself has five methods it can implement to handle various events: onlocationchange called when the uri of the document displayed in the tab changes.
... astate a value composed of the security state flags and the security strength flags described in the documentation for nsiwebprogresslistener.
...this value is a combination of one of the state transition flags and one or more of the state type flags defined in the nsiwebprogresslistener documentation.

Introduction to Network Security Services
network security services (nss) is a set of libraries designed to support cross-platform development of communications applications that support ssl, s/mime, and other internet security standards.
...three shared libraries export public functions: the ssl library supports core ssl operations.
...so the nss library has the following forms: libnss3.so - unix shared library libnss3.sl - hp-ux shared library libnss.a - unix static library nss3.dll - windows shared library nss3.lib - windows import library binding to nss3.dll nss.lib - windows static library nss, ssl, and s/mime have all of the above forms.
... what you should already know before using nss, you should be familiar with the following topics: concepts and techniques of public-key cryptography the secure sockets layer (ssl) protocol the pkcs #11 standard for cryptographic token interfaces cross-platform development issues and techniques where to find more information for information about pki and ssl that you should understand before using nss, see the following: introduction to public-key cryptography introduction to ssl for links to api documentation, build instructions, and other useful information, s...

JSS
jss offers a implementation of java ssl sockets that uses nss's ssl/tls implementation rather than sun's jsse implementation.
... you might want to use jss's own ssl classes if you want to use some of the capabilities found in nss's ssl/tls library but not found in jsse.
... introduction to ssl.
... introduces the ssl protocol, including information about cryptographic ciphers supported by ssl and the steps involved in the ssl handshake.

NSS 3.14.3 release notes
new types ck_nss_mac_constant_time_params - parameters for use with ckm_nss_hmac_constant_time and ckm_nss_ssl3_mac_constant_time.
... ckm_nss_ssl3_mac_constant_time - constant-time mac operation for use when verifying a padded, mac-then-encrypted block of data using the sslv3 mac.
... notable changes in nss 3.14.3 cve-2013-1620 recent research by nadhem alfardan and kenny patterson has highlighted a weakness in the handling of cbc padding as used in ssl, tls, and dtls that allows an attacker to exploit timing differences in mac processing.
... nss 3.14.3 includes changes to the softoken and ssl libraries to address and mitigate these attacks, contributed by adam langley of google.

NSS 3.27.2 Release Notes
this is a patch release to address a memory leak in the ssl_settrustanchors() function.
... notable changes in nss 3.27.2 the ssl_settrustanchors() function is used to set the distinguished names that an nss server includes in its tls certificaterequest message.
... previous versions of nss leaked the memory used to store distinguished names when ssl_settrustanchors() was used.
... bugs fixed in nss 3.27.2 the following bug has been fixed in nss 3.27.2: bug 1318561 - ssl_settrustanchors leaks compatibility nss 3.27.2 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.34 release notes
https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_34_rtm/src/ notable changes in nss 3.34 the following ca certificates were added: cn = gdca trustauth r5 root sha-256 fingerprint: bf:ff:8f:d0:44:33:48:7d:6a:8a:a6:0c:1a:29:76:7a:9f:c2:bb:b0:5e:42:0f:71:3a:13:b9:92:89:1d:38:93 trust flags: websites cn = ssl.com root certification authority rsa sha-256 fingerprint: 85:66:6a:56:2e:e0:be:5c:e9:25:c1:d8:89:0a:6f:76:a8:7e:c1:6d:4d:7d:5f:29:ea:74:19:cf:20:12:3b:69 trust flags: websites, email cn = ssl.com root certification authority ecc sha-256 fingerprint: 34:17:bb:06:cc:60:07:da:1b:96:1c:92:0b:8a:b4:ce:3f:ad:82:0e:4a:a3:0b:9a:cb:c4:a7:4e:bd:ce:bc:65 trust flags...
...: websites, email cn = ssl.com ev root certification authority rsa r2 sha-256 fingerprint: 2e:7b:f1:6c:c2:24:85:a7:bb:e2:aa:86:96:75:07:61:b0:ae:39:be:3b:2f:e9:d0:cc:6d:4e:f7:34:91:42:5c trust flags: websites cn = ssl.com ev root certification authority ecc sha-256 fingerprint: 22:a2:c1:f7:bd:ed:70:4c:c1:e7:01:b5:f4:08:c3:10:88:0f:e9:56:b5:de:2a:4a:44:f9:9c:87:3a:25:a7:c8 trust flags: websites cn = trustcor rootcert ca-1 sha-256 fingerprint: d4:0e:9c:86:cd:8f:e4:68:c1:77:69:59:f4:9e:a7:74:fa:54:86:84:b6:c4:06:f3:90:92:61:f4:dc:e2:57:5c trust flags: websites, email cn = trustcor rootcert ca-2 sha-256 fingerprint: 07:53:e9:40:37:8c:1b:d5:e3:83:6e:39:5d:ae:a5:cb:83:9e:50:46:f1:bd:0e:ae:19:51:cf...
... sslkeylogfile is now supported with tls 1.3, see bug 1287711 for details.
... sslchannelinfo has two new fields (bug 1396525) sslnamedgroup originalkeagroup holds the key exchange group of the original handshake, when the session was resumed.

NSS Config Options
re will be accepted, and dh key exchange with 1024-bit primes or more: config="disallow=all allow=sha1:sha256:secp256r1:secp384r1:min-rsa=2048:min-dh=1024" a policy that enables the aes ciphersuites and the secp256/384 curves: config="allow=aes128-cbc:aes128-gcm::hmac-sha1:sha1:sha256:sha384:rsa:ecdhe-rsa:secp256r1:secp384r1" turn off md5 config="disallow=md5" turn off md5 and sha1 only for ssl config="disallow=md5(ssl):sha1(ssl)" disallow values are parsed first, and then allow values, independent of the order in which they appear.
...flags: turn on the following flags: ssl-lock: turn off the ability for applications to change policy with the ssl_setcipherpolicy (or ssl_setpolicy).
... ssl-default-lock: turn off the ability for applications to change cipher suite states with ssl_enablecipher, ssl_disablecipher.
...t283r1 sect409k1 sect409r1 sect571k1 sect571r1 hashes md2 md4 md5 sha1 sha224 sha256 sha384 sha512 macs hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmac-md5 ciphers aes128-cbc aes192-cbc aes256-cbc aes128-gcm aes192-gcm aes256-gcm camellia128-cbc camellia192-cbc camellia256-cbc seed-cbc des-ede3-cbc des-40-cbc des-cbc null-cipher rc2 rc4 idea ssl key exchanges rsa rsa-export dhe-rsa dhe-dss dh-rsa dh-dss ecdhe-ecdsa ecdhe-rsa ecdh-ecdsa ecdh-rsa restrictions for asymmetric keys (integers) rsa-min dh-min dsa-min constraints on ssl protocols versions (integers) tls-version-min tls-version-max constraints on dtls protocols versions (integers) dtls-version-min dtls-version-max policy flags for algorithms ssl ssl-key-exc...

PKCS #11 Module Specs
ssl - this token should be used for ssl key derivation which are not constrained by an existing key in another token.
... sample file: library= name="netscape internal crypto module" parameters="configdir=/u/relyea/.netscape certprefix= secmod=secmod.db" nss="flags=internal,pkcs11module trustorder=1 cipherorder=-1 ciphers= slotparams={0x1=[slotflags='rsa,dsa,dh,rc4,rc2,des,md2,md5,sha1,ssl,tls,publiccerts,random'] 0x2=[slotflags='rsa' askpw=only]}" library=dkck32.dll name="datakey signasure 3600" nss="trustorder=50 ciphers= " library=swft32.dll name="netscape software fortezza" parameters="keyfile=/u/relyea/keyfile" nss="trustorder=50 ciphers=fortezza slotparams=0x1=[slotflags='fortezza']" library=core32.dll name="litronic netsign" softoken specific parameters the internal nss p...
... fipsslotdescription override the default slotdecription value for the internal fips token returned in the ck_slot_info structure with an internationalize string (utf8).
...igdir tokendescription=cryptotokendescription slotdescription=cryptoslotdescription flags=nocertdb,nokeydb,optimizespace] 0x02=[configdir=configdir tokendescription=dbtokendescription slotdescription=dbslotdescription certprefix=certprefix keyprefix=keyprefix flags=flags minpwlen=minpwlen]> in fips mode: tokens=<0x03=[configdir=configdir tokendescription=fipstokendescription slotdescription=fipsslotdescription certprefix=certprefix keyprefix=keyprefix flags=flags minpwlen=minpwlen]> where configdir, cryptotokendescription, cryptoslotdescription, dbtokendescription, dbslotdescription, fipstokendescription, fipsslotdescription, optimizespace, certprefix, keyprefix, flags, and minpwlen are copied from the parameters above.

nsISocketTransport
securitycallbacks nsiinterfacerequestor security notification callbacks passed to the secure socket provider via nsisslsocketcontrol at socket creation time.
... this object supports nsibadcertlistener2 and nsisslerrorlistener for ssl connections, and possibly other interfaces.
...this object supports nsisslsocketcontrol, nsitransportsecurityinfo, and possibly other interfaces.
...for example, an ssl connection would not send any client-certificates if this flag is set.

XPCOM Interface Reference
motionlistenernsidialogcreatornsidialogparamblocknsidictionarynsidirindexnsidirindexlistenernsidirindexparsernsidirectoryenumeratornsidirectoryiteratornsidirectoryservicensidirectoryserviceprovidernsidirectoryserviceprovider2nsidiskcachestreaminternalnsidispatchsupportnsidocshellnsidocumentloadernsidownloadnsidownloadhistorynsidownloadmanagernsidownloadmanageruinsidownloadobservernsidownloadprogresslistenernsidownloadernsidragdrophandlernsidragservicensidragsessionnsidroppedlinkhandlernsidroppedlinkitemnsidynamiccontainernsieditornsieditorboxobjectnsieditordocshellnsieditorimesupportnsieditorloggingnsieditormailsupportnsieditorobservernsieditorspellchecknsieffectivetldservicensienumeratornsienvironmentnsierrorservicensieventlistenerinfonsieventlistenerservicensieventsourcensieventtargetnsiexc...
...eptionnsiextensionmanagernsiexternalhelperappservicensiexternalprotocolservicensiexternalurlhandlerservicensiftpchannelnsiftpeventsinknsifactorynsifavicondatacallbacknsifaviconservicensifeednsifeedcontainernsifeedelementbasensifeedentrynsifeedgeneratornsifeedpersonnsifeedprocessornsifeedprogresslistenernsifeedresultnsifeedresultlistenernsifeedtextconstructnsifilensifileinputstreamnsifileoutputstreamnsifilepickernsifileprotocolhandlernsifilespecnsifilestreamsnsifileurlnsifileutilitiesnsifileviewnsifocusmanagernsiformhistory2nsiframeloadernsiframeloaderownernsiframemessagelistenernsiframemessagemanagernsiframescriptloadernsigsettingscollectionnsigsettingsservicensigeolocationprovidernsigeolocationupdatensiglobalhistorynsiglobalhistory2nsiglobalhistory3nsihtmleditornsihttpheaderlistenernsihaptic...
...sipromptnsipromptservicensipropertiesnsipropertynsipropertybagnsipropertybag2nsipropertyelementnsiprotocolhandlernsiprotocolproxycallbacknsiprotocolproxyfilternsiprotocolproxyservicensiproxyinfonsipushmessagensipushservicensipushsubscriptionnsiradiointerfacelayernsirandomgeneratornsirequestnsirequestobservernsiresumablechannelnsirunnablensishentrynsishistorynsishistorylistenernsisockssocketinfonsisslerrorlistenernsisslsocketcontrolnsiscreennsiscreenmanagernsiscripterrornsiscripterror2nsiscriptableionsiscriptableinputstreamnsiscriptableunescapehtmlnsiscriptableunicodeconverternsiscrollablensisearchenginensisearchsubmissionnsisecuritycheckedcomponentnsiseekablestreamnsiselectionnsiselection2nsiselection3nsiselectioncontrollernsiselectionimageservicensiselectionprivatensiserversocketnsiserversoc...
...siuploadchannelnsiuploadchannel2nsiurllistmanagercallbacknsiusercertpickernsiuserinfonsivariantnsiversioncomparatornsiweakreferencensiwebbrowsernsiwebbrowserchromensiwebbrowserchrome2nsiwebbrowserchrome3nsiwebbrowserchromefocusnsiwebbrowserfindnsiwebbrowserfindinframesnsiwebbrowserpersistnsiwebcontenthandlerregistrarnsiwebnavigationnsiwebnavigationinfonsiwebpagedescriptornsiwebprogressnsiwebprogresslistenernsiwebprogresslistener2nsiwebsocketchannelnsiwebsocketlistenernsiwebappssupportnsiwifiaccesspointnsiwifilistenernsiwifimonitornsiwinaccessnodensiwinapphelpernsiwintaskbarnsiwindowcreatornsiwindowmediatornsiwindowwatchernsiwindowsregkeynsiwindowsshellservicensiworkernsiworkerfactorynsiworkerglobalscopensiworkermessageeventnsiworkermessageportnsiworkerscopensiwritablepropertybagnsiwritablepro...

DOMTokenList - Web APIs
such a set is returned by element.classlist, htmllinkelement.rellist, htmlanchorelement.rellist, htmlareaelement.rellist, htmliframeelement.sandbox, or htmloutputelement.htmlfor.
... examples in the following simple example, we retrieve the list of classes set on a <p> element as a domtokenlist using element.classlist, add a class using domtokenlist.add(), and then update the node.textcontent of the <p> to equal the domtokenlist.
... first, the html: <p class="a b c"></p> now the javascript: let para = document.queryselector("p"); let classes = para.classlist; para.classlist.add("d"); para.textcontent = `paragraph classlist is "${classes}"`; the output looks like this: trimming of whitespace and removal of duplicates methods that modify the domtokenlist (such as domtokenlist.add()) automatically trim any excess whitespace and remove duplicate values from the list.
... for example: <span class=" d d e f"></span> let span = document.queryselector("span"); let classes = span.classlist; span.classlist.add("x"); span.textcontent = `span classlist is "${classes}"`; the output looks like this: specifications specification status comment domthe definition of 'domtokenlist' in that specification.

SubtleCrypto.verify() - Web APIs
*/ async function verifymessage(publickey) { const signaturevalue = document.queryselector(".rsassa-pkcs1 .signature-value"); signaturevalue.classlist.remove("valid", "invalid"); let encoded = getmessageencoding(); let result = await window.crypto.subtle.verify( "rsassa-pkcs1-v1_5", publickey, signature, encoded ); signaturevalue.classlist.add(result ?
...*/ async function verifymessage(publickey) { const signaturevalue = document.queryselector(".rsa-pss .signature-value"); signaturevalue.classlist.remove("valid", "invalid"); let encoded = getmessageencoding(); let result = await window.crypto.subtle.verify( { name: "rsa-pss", saltlength: 32, }, publickey, signature, encoded ); signaturevalue.classlist.add(result ?
...*/ async function verifymessage(publickey) { const signaturevalue = document.queryselector(".ecdsa .signature-value"); signaturevalue.classlist.remove("valid", "invalid"); let encoded = getmessageencoding(); let result = await window.crypto.subtle.verify( { name: "ecdsa", hash: {name: "sha-384"}, }, publickey, signature, encoded ); signaturevalue.classlist.add(result ?
...*/ async function verifymessage(key) { const signaturevalue = document.queryselector(".hmac .signature-value"); signaturevalue.classlist.remove("valid", "invalid"); let encoded = getmessageencoding(); let result = await window.crypto.subtle.verify( "hmac", key, signature, encoded ); signaturevalue.classlist.add(result ?

WebGL best practices - Web APIs
the essl3 spec says this under "error handling": the implementation should report errors as early a possible but in any case must satisfy the following: all lexical, grammatical and semantic errors must have been detected following a call to gllinkprogram errors due to mismatch between the vertex and fragment shader (link errors) must have been detected following a call to gllinkprogram errors due ...
...; } consider: gl.compileshader(vs); gl.compileshader(fs); gl.linkprogram(prog); if (!gl.getprogramparameter(vs, gl.link_status)) { console.error('link failed: ' + gl.getprograminfolog(prog)); console.error('vs info-log: ' + gl.getshaderinfolog(vs)); console.error('fs info-log: ' + gl.getshaderinfolog(fs)); } be precise with glsl variable precision annotations if you expect to pass an essl300 int between shaders, and you need it to have 32-bits, you must use highp or you will have portability problems.
... a good pattern for "always give me the highest precision": #ifdef gl_fragment_precision_high precision highp float; #else precision mediump float; #endif essl100 minimum requirements (webgl 1) float think range min above zero precision highp float24* (-2^62, 2^62) 2^-62 2^-16 relative mediump ieee float16 (-2^14, 2^14) 2^-14 2^-10 relative lowp 10-bit signed fixed (-2, 2) 2^-8 2^-8 absolute int think range highp int17 (-2^16...
..., 2^16) mediump int11 (-2^10, 2^10) lowp int9 (-2^8, 2^8) *float24: sign bit, 7-bit for exponent, 16-bit for mantissa essl300 minimum requirements (webgl 2) float think range min above zero precision highp ieee float32 (-2^126, 2^127) 2^-126 2^-24 relative mediump ieee float16 (-2^14, 2^14) 2^-14 2^-10 relative lowp 10-bit signed fixed (-2, 2) 2^-8 2^-8 absolute (u)int think int range unsigned int range highp (u)int32 [-2^31, 2^31] [0, 2^32] mediump (u)int16 [-2^15, 2^15] [0, 2^16] lowp (u)int9 [-2^8, 2^8] [0, 2^9] prefer builtins like dot, mix, and normalize instead of buiding y...

Navigation and resource timings - Web Performance
calculating timings we can use these values to measure specific timings of interest: let dns = time.domainlookupend - time.domainlookupstart, tcp = time.connectend - time.connectstart, ssl != time.secureconnectionstart, time to first byte time to first byte is the time between the navigationstart (start of the navigation) and responsestart, (when the first byte of response data is received) available in the performancetiming api: let ttfb = time.responsestart - time.navigationstart; page load time page load time is the time between navigationstart and the start of when the lo...
... let dns = time.domainlookupend - time.domainlookupstart; tcp the time it takes for the tcp handshake is the time between the connection start and connection end: tcp = time.connectend - time.connectstart; ssl negotiation secureconnectionstart will be undefined if not available, 0 if https in not used, or a time stamp if available, and used.
... ssl = time.requeststart - time.secureconnectionstart; performance entry api the general performance timings above are deprecated but fully supported.
... navigation timing when a user requests a web site or application, to populate the browser the user agent goes through a series of steps, including a dns lookup, tcp handshake, and ssl negotiation, before the user agent makes the actual request and the servers return the requested assets.

Transport Layer Security - Web security
history when https was introduced, it was based on secure sockets layer (ssl) 2.0, a technology introduced by netscape.
... it was updated to ssl 3.0 not long after, and as its usage expanded, it became clear that a common, standard encryption technology needed to be specified to ensure interoperability among all web browsers and servers.
... despite the fact that the web now uses tls for encryption, many people still refer to it as "ssl" out of habit.
...for instance, the names used in openssl and gnutls differ from those in the tls standards.

Signing an XPI - Archive of obsolete content
the cheapest universally supported (mozilla, java, microsoft) certificate seems to be the comodo instant-ssl offering.
... here are some current issuers: comodo instant-ssl code signing digi-sign digi-code geotrust code signing thawte code signing (owned by verisign) unizeto certum code-signing (free certificates for open-source authors) verisign code signing you will need to apply for a code signing certificate and satisfy the issuer's identity verification procedures.
...i downloaded the certum root ca and certum level iii ca digital id for web and ssl/tls servers, copied the text and saved them to the files c:\projects\codesigning\certum root ca.cer and c:\projects\codesigning\certum level iii ca.cer.

Java in Firefox Extensions - Archive of obsolete content
a_demo/ ] for privileges, the basic procedure is: download and include http://simile.mit.edu/repository/jav...nsionutils.jar within your extension (you can also build your own from the source files at http://simile.mit.edu/repository/jav...xtensionutils/ ) build and add references leading to this jar and all other jars in your extension within an array of java.net.url's, pass to java.net.urlclassloader to get a class loader, and finally pass the classloader and array to a function which gives the necessary privileges: // this function will be called to give the necessary privileges to your jar files // however, the policy never comes into play, because // (1) adding permissions doesn't add to the policy itself, and // (2) addurl alone does not set the grant codebase function policy...
...// guid of extension getitemlocation("test@yoursite"); //the path logic would work if we include em:unpack for ff 4.x, for ff 3.x since things are unpacked by default things work // get path to the jar files (the following assumes your jars are within a // directory called "java" at the root of your extension's folder hierarchy) // you must add this utilities (classloader) jar to give your extension full privileges var extensionurl = "file:///" + extensionpath.path.replace(/\\/g,"/"); var classloaderjarpath = extensionurl + "/java/javafirefoxextensionutils.jar"; // add the paths for all the other jar files that you will be using var myjarpath = extensionurl + "/java/testjava.jar"; // seems you don't actually have to replace the backslashes as they work as wel...
...l var urlarray = []; // build a regular javascript array (liveconnect will auto-convert to a java array) urlarray[0] = new java.net.url(myjarpath); urlarray[1] = new java.net.url(classloaderjarpath); var cl = java.net.urlclassloader.newinstance(urlarray); //set security policies using the above policyadd() function policyadd(cl, urlarray); now you can begin using liveconnect, including referencing the classes in your jars.

MDN Web Docs Glossary: Definitions of Web-related terms
itu j jank java javascript jpeg jquery json k key keyword l latency layout viewport lazy load lgpl ligature local scope local variable locale localization long task loop lossless compression lossy compression ltr (left to right) m main axis main thread markup mathml media media (audio-visual presentation) media (css) metadata method microsoft edge microsoft internet explorer middleware mime mime type mi...
... nat native navigation directive netscape navigator network throttling nntp node node (dom) node (networking) node.js non-normative normative null nullish value number o object object reference oop opengl openssl opera browser operand operator origin ota owasp p p2p pac packet page load time page prediction parameter parent object parse parser pdf perceived performance percent-encoding php pixel placehol...
...ansport protocol) and srtp (secure rtp) rtsp: real-time streaming protocol ruby s safe same-origin policy scm scope screen reader script-supporting element scroll container scrollport sctp sdp search engine second-level domain secure sockets layer (ssl) selector (css) self-executing anonymous function semantics seo serialization server server timing session hijacking sgml shadow tree shim signature signature (functions) signature (security) simd simple header simple response header sis...

Example 4 - Learn web development
ct .option { padding: .2em .3em; } .select .highlight { background: #000; color: #ffffff; } javascript content // ------- // // helpers // // ------- // nodelist.prototype.foreach = function (callback) { array.prototype.foreach.call(this, callback); } // -------------------- // // function definitions // // -------------------- // function deactivateselect(select) { if (!select.classlist.contains('active')) return; var optlist = select.queryselector('.optlist'); optlist.classlist.add('hidden'); select.classlist.remove('active'); } function activeselect(select, selectlist) { if (select.classlist.contains('active')) return; selectlist.foreach(deactivateselect); select.classlist.add('active'); }; function toggleoptlist(select, show) { var optlist = select.query...
...selector('.optlist'); optlist.classlist.toggle('hidden'); } function highlightoption(select, option) { var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (other) { other.classlist.remove('highlight'); }); option.classlist.add('highlight'); }; function updatevalue(select, index) { var nativewidget = select.previouselementsibling; var value = select.queryselector('.value'); var optionlist = select.queryselectorall('.option'); nativewidget.selectedindex = index; value.innerhtml = optionlist[index].innerhtml; highlightoption(select, optionlist[index]); }; function getindex(select) { var nativewidget = select.previouselementsibling; return nativewidget.selectedindex; }; // ------------- // // event binding // // ------------- // ...
... window.addeventlistener("load", function () { var form = document.queryselector('form'); form.classlist.remove("no-widget"); form.classlist.add("widget"); }); window.addeventlistener('load', function () { var selectlist = document.queryselectorall('.select'); selectlist.foreach(function (select) { var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (option) { option.addeventlistener('mouseover', function () { highlightoption(select, option); }); }); select.addeventlistener('click', function (event) { toggleoptlist(select); }); select.addeventlistener('focus', function (event) { activeselect(select, selectlist); }); select.addeventlistener('blur', function (event) { deactivatese...

Example 5 - Learn web development
ct .option { padding: .2em .3em; } .select .highlight { background: #000; color: #ffffff; } javascript content // ------- // // helpers // // ------- // nodelist.prototype.foreach = function (callback) { array.prototype.foreach.call(this, callback); } // -------------------- // // function definitions // // -------------------- // function deactivateselect(select) { if (!select.classlist.contains('active')) return; var optlist = select.queryselector('.optlist'); optlist.classlist.add('hidden'); select.classlist.remove('active'); } function activeselect(select, selectlist) { if (select.classlist.contains('active')) return; selectlist.foreach(deactivateselect); select.classlist.add('active'); }; function toggleoptlist(select, show) { var optlist = select.query...
...selector('.optlist'); optlist.classlist.toggle('hidden'); } function highlightoption(select, option) { var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (other) { other.classlist.remove('highlight'); }); option.classlist.add('highlight'); }; function updatevalue(select, index) { var nativewidget = select.previouselementsibling; var value = select.queryselector('.value'); var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (other) { other.setattribute('aria-selected', 'false'); }); optionlist[index].setattribute('aria-selected', 'true'); nativewidget.selectedindex = index; value.innerhtml = optionlist[index].innerhtml; highlightoption(select, optionlist[index]); }; function getindex(select)...
... { var nativewidget = select.previouselementsibling; return nativewidget.selectedindex; }; // ------------- // // event binding // // ------------- // window.addeventlistener("load", function () { var form = document.queryselector('form'); form.classlist.remove("no-widget"); form.classlist.add("widget"); }); window.addeventlistener('load', function () { var selectlist = document.queryselectorall('.select'); selectlist.foreach(function (select) { var optionlist = select.queryselectorall('.option'), selectedindex = getindex(select); select.tabindex = 0; select.previouselementsibling.tabindex = -1; updatevalue(select, selectedindex); optionlist.foreach(function (option, index) { option.addeventlistener('mouseover', function () { hi...

mozbrowsersecuritychange
details the details property returns an anonymous javascript object with the following properties: state a domstring representing the current state of ssl security.
... extendedvalidation a boolean indicating if the current ssl certificate is an extended validation certificate (true) or not (false).
... example var browser = document.queryselector("iframe"); browser.addeventlistener("mozbrowsersecuritychange", function( event ) { console.log("the ssl state is:" + event.details.state); }); related events mozbrowserasyncscroll mozbrowserclose mozbrowsercontextmenu mozbrowsererror mozbrowsericonchange mozbrowserloadend mozbrowserloadstart mozbrowserlocationchange mozbrowseropenwindow mozbrowsertitlechange mozbrowserusernameandpasswordrequired ...

Overview of Mozilla embedding APIs
contract-id: ns_document_loader_service_contractid implemented interfaces: nsiwebprogress nsidocumentloader related interfaces: nsiwebprogresslistener public components nswebbrowser the nswebbrowser is the main embedding component which gecko exposes.
...er_contractid implemented interfaces: nsiwebbrowser nsiwebnavigation nsiwebbrowsersetup nsiwebbrowserpersist nsiwebbrowserfind nsiwebbrowserprint nsiwebbrowserfocus nsibasewindow requestor interfaces: nsidomwindow nsidomdocument nsiwebprogress nsiclipboardcommands nsiprompt related interfaces: nsiprompt nsiwebbrowserchrome nsiwebbrowsersitewindow nsiwebprogresslistener nsicontextmenulistener nsiprintoptions overview: most of gecko's functionality is exposed through the nswebbrowser component.
...interface definition: nsiwebprogresslistener interface status...

Embedding Tips
implement the nsiwebprogresslistener interface and register it with the appropriate web browser object via the nsiwebbrowser::addwebbrowserlistener() method.
...register your own nsiwebprogresslistener object to listen for progress and state notifications.
... register your ownnsiwebprogresslistener object to listen for progress and state notifications.

NSS_3.12.1_release_notes.html
bug 311432: ecc's ecl_use_fp code (for linux x86) fails pairwise consistency test bug 330622: certutil's usage messages incorrectly document certain options bug 330628: coreconf/linux.mk should _not_ default to x86 but result in an error if host is not recognized bug 359302: remove the sslsample code from nss source tree bug 372241: need more versatile form of cert_nametoascii bug 390296: nss ignores subject cn even when san contains no dnsname bug 401928: support generalized pkcs#5 v2 pbes bug 403543: pkix: need a way to enable/disable aia cert fetching bug 408847: pkix_ocspchecker_check does not support specified responder (and given signercert) bug 414003: crash [[@ ...
...cert_decodecertpackage] sometimes with this testcase bug 415167: memory leak in certutil bug 417399: arena allocation results are not checked in pkix_pl_infoaccess_parselocation bug 420644: improve ssl tracing of key derivation bug 426886: use const char* in pk11_importcertforkey bug 428103: cert_encodesubjectkeyid is not defined in any public header file bug 429716: debug builds of libpkix unconditionally dump socket traffic to stdout bug 430368: vfychain -t option is undocumented bug 430369: vfychain -o succeeds even if -pp is not specified bug 430399: vfychain -pp crashes bug 430405: error log is not produced by cert_pkixverifycert bug 430743: update ssltap to understand the tls session ticket extension bug 430859: pkix: policy mapping fails verification with error ...
...invalid arguments bug 430875: document the policy for the order of cipher suites in ssl_implementedciphers.

NSS 3.16.2.3 release notes
new macros in ssl.h ssl_enable_fallback_scsv - an ssl socket option that enables tls_fallback_scsv.
... in sslerr.h ssl_error_inappropriate_fallback_alert - a new ssl error code.
... in sslproto.h tls_fallback_scsv - a a signaling cipher suite value that indicates a handshake is the result of tls version fallback.

NSS 3.16.2 release notes
new macros in sslerr.h ssl_error_next_protocol_no_callback - an ssl error code that means the next protcol negotiation extension was enabled, but the callback was cleared prior to being needed.
... ssl_error_next_protocol_no_protocol - an ssl error code that means the server supports no protocols that the client advertises in the alpn extension.
... the certutil command has three new certificate usage specifiers: l: certificateusagesslca a: certificateusageanyca y: certificateusageverifyca the pp command has a new command-line option -u, which means "use utf-8".

NSS 3.16 release notes
new macros in sslproto.h tls_rsa_with_rc4_128_sha, tls_rsa_with_3des_ede_cbc_sha, etc.
... - cipher suites that were first defined in ssl 3.0 can now be referred to with their official iana names in tls, with the tls_ prefix.
... previously, they had to be referred to with their names in ssl 3.0, with the ssl_ prefix.

NSS 3.17.1 release notes
new macros in ssl.h ssl_enable_fallback_scsv - an ssl socket option that enables tls_fallback_scsv.
... in sslerr.h ssl_error_inappropriate_fallback_alert - a new ssl error code.
... in sslproto.h tls_fallback_scsv - a a signaling cipher suite value that indicates a handshake is the result of tls version fallback.

NSS 3.17 release notes
nss 3.17 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_17_rtm/src/ new in nss 3.17 new functionality when using ecdhe, the tls server code may be configured to generate a fresh ephemeral ecdh key for each handshake, by setting the ssl_reuse_server_ecdhe_key socket option to pr_false.
... the ssl_reuse_server_ecdhe_key option defaults to pr_true, which means the server's ephemeral ecdh key is reused for multiple handshakes.
... new macros in ssl.h ssl_reuse_server_ecdhe_key notable changes in nss 3.17 the manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in nss 3.16.2.

NSS 3.22 release notes
in ssl.h ssl_peersignedcerttimestamps - get signed_certificate_timestamp tls extension data ssl_setsignedcerttimestamps - set signed_certificate_timestamp tls extension data new types in secoidt.h the following are added to secoidtag: sec_oid_aes_128_gcm sec_oid_aes_192_gcm sec_oid_aes_256_gcm sec_oid_idea_cbc sec_oid_rc2_40_cbc sec_oid_des_40...
...s_dh_rsa sec_oid_tls_dh_dss sec_oid_tls_dh_anon sec_oid_tls_ecdhe_ecdsa sec_oid_tls_ecdhe_rsa sec_oid_tls_ecdh_ecdsa sec_oid_tls_ecdh_rsa sec_oid_tls_ecdh_anon sec_oid_tls_rsa_export sec_oid_tls_dhe_rsa_export sec_oid_tls_dhe_dss_export sec_oid_tls_dh_rsa_export sec_oid_tls_dh_dss_export sec_oid_tls_dh_anon_export sec_oid_apply_ssl_policy in sslt.h ssl_signed_cert_timestamp_xtn is added to sslextensiontype.
...mac_sha384 - prf based on hmac with sha-256 for pbkdf ckp_pkcs5_pbkd2_hmac_sha512 - prf based on hmac with sha-256 for pbkdf ckp_pkcs5_pbkd2_hmac_sha512_224 - prf based on hmac with sha-512 truncated to 224 bits for pbkdf (not supported) ckp_pkcs5_pbkd2_hmac_sha512_256 - prf based on hmac with sha-512 truncated to 256 bits for pbkdf (not supported) in secoidt.h nss_use_alg_in_ssl nss_use_policy_in_ssl in ssl.h ssl_enable_signed_cert_timestamps in sslt.h ssl_max_extensions is updated to 13 notable changes in nss 3.22 nss c++ tests are built by default, requiring a c++11 compiler.

NSS 3.31 release notes
ssl_versionrangegetsupported can be used to query the overlap between the library's supported range of tls versions and the systemwide policy.
... previously, ssl_versionrangeset and ssl_versionrangesetdefault returned a failure if the requested version range wasn't fully allowed by the systemwide crypto policy.
...an application may call ssl_versionrangeget and ssl_versionrangegetdefault to query the tls version range that was effectively activated.

NSS 3.46 release notes
bugs fixed in nss 3.46 bug 1572164 - don't unnecessarily free session in nsc_wrapkey bug 1574220 - improve controls after errors in tstcln, selfserv and vfyserv cmds bug 1550636 - upgrade sqlite in nss to a 2019 version bug 1572593 - reset advertised extensions in ssl_constructextensions bug 1415118 - nss build with ./build.sh --enable-libpkix fails bug 1539788 - add length checks for cryptographic primitives (cve-2019-17006) bug 1542077 - mp_set_ulong and mp_set_int should return errors on bad values bug 1572791 - read out-of-bounds in der_decodetimechoice_util from sslexp_delegatecredential bug 1560593 - cleanup.sh script does not set error exit code fo...
...hangs on windows x64 when building nss since changeset 9162c654d06915f0f15948fbf67d4103a229226f bug 1564875 - improve rebuilding with build.sh bug 1565243 - support tc_owner without email address in nss taskgraph bug 1563778 - increase maxruntime on mac taskcluster tools, ssl tests bug 1561591 - remove -wmaybe-uninitialized warning in tstclnt.c bug 1561587 - remove -wmaybe-uninitialized warning in lgattr.c bug 1561558 - remove -wmaybe-uninitialized warning in httpserv.c bug 1561556 - remove -wmaybe-uninitialized warning in tls13esni.c bug 1561332 - ec.c:28 warning: comparison of integers of different signs: 'int' and 'unsigned long' bug 1564714 - print certutil ...
...mull2 bug 1528666 - correct resumption validation checks bug 1568803 - more tests for client certificate authentication bug 1564284 - support profile mobility across windows and linux bug 1573942 - gtest for pkcs11.txt with different breaking line formats bug 1575968 - add strsclnt option to enforce the use of either ipv4 or ipv6 bug 1549847 - fix nss builds on ios bug 1485533 - enable nss_ssl_tests on taskcluster this bugzilla query returns all the bugs fixed in nss 3.46: https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&product=nss&target_milestone=3.46 compatibility nss 3.46 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.52 release notes
bug 1629661 - mpconfig calls in ssl initialize policy before nss is initialized.
... bug 1618915 - fix ubsan issue in ssl_parsesessionticket.
... bug 1618739 - don't assert fuzzer behavior in ssl_parsesessionticket.

NSS 3.54 release notes
bug 1642871 - enable ssl_sendsessionticket after resumption.
... bug 1643123 - support ssl_exportearlykeyingmaterial with external psks.
... bug 1644774 - ssl gtests to use clearservercache when resetting self-encrypt keys.

nss tech note4
pulling certificate extension information out of ssl certificates nss technical note: 4 note: this document contains code snippets that focus on essential aspects of the task and often do not illustrate all the cleanup that needs to be done.
... include these files #include "ssl.h" #include "cert.h" get the handle of the cert associated with an ssl connection certcertificate* cert = ssl_peercertificate(prfiledesc *fd); if ssl client, this will get you the server's cert handle; if ssl server, this will get you the client's cert handle if client auth is enabled certcertificate* cert = ssl_localcertificate(prfiledesc *fd); if ssl client, this will get you the client cert's handle, if client auth happened if ssl server, this will get you the serv...
... secstatus cert_findsubjectkeyidexten (certcertificate *cert, secitem *retitem); for more information browse through the nss source code online at http://lxr.mozilla.org/mozilla/source/security/nss/ and http://lxr.mozilla.org/security/ documentation on some cert funcs http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslcrt.html ...

nss tech note5
see wrapmechanismlist in security/nss/lib/pk11wrap/pk11slot.c and security/nss/lib/ssl/ssl3con.c for examples of wrapping mechanisms.
...see wrapmechanismlist in security/nss/lib/pk11wrap/pk11slot.c and security/nss/lib/ssl/ssl3con.c for examples of wrapping mechanisms.
...see wrapmechanismlist in security/nss/lib/pk11wrap/pk11slot.c and security/nss/lib/ssl/ssl3con.c for examples of wrapping mechanisms.

PKCS11 FAQ
if multiple pkcs #11 modules are loaded, how does nss determine which ones to use for the mechanisms required by ssl?
... if i have a multipurpose token that supports all required pkcs #11 functions and provides rsa_pkcs and dsa mechanisms but but not aes, des or rc4, will nss use the token for the rsa_pkcs mechanisms and the nss internal pkcs #11 module for aes, des or rc4 when making an ssl connection?
... once nss starts using a token for a given operation (like s/mime or ssl), it works hard to keep using that same token (so keys don't get moved around).

NSS tools : modutil
modutil supports several mechanisms: rsa, dsa, rc2, rc4, rc5, aes, des, dh, sha1, sha256, sha512, ssl, tls, md5, md2, random (for random number generation), and friendly (meaning certificates are publicly readable).
...ernal pkcs #11 module" -dbdir sql:/home/my/sharednssdb ----------------------------------------------------------- name: nss internal pkcs #11 module library file: **internal only module** manufacturer: mozilla foundation description: nss internal crypto services pkcs #11 version 2.20 library version: 3.11 cipher enable flags: none default mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:aes slot: nss internal cryptographic services slot mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:aes manufacturer: mozilla foundation type: software version number: 3.11 firmware version: 0.0 status: enabled token name: nss generic crypto services token manufacturer: mozilla foundation token model: nss 3 token serial number: 0000000000000000 token version: 4.0 token fi...
...certprefix= keyprefix= secmod=secmod.db flags=readonly " nss="trustorder=75 cipherorder=100 slotparams={0x00000001=[slotflags=rsa,rc4,rc2,des,dh,sha1,md5,md2,ssl,tls,aes,random askpw=any timeout=30 ] } flags=internal,critical" setting a default provider for security mechanisms multiple security modules may provide support for the same security mechanisms.

NSS tools : modutil
modutil supports several mechanisms: rsa, dsa, rc2, rc4, rc5, aes, des, dh, sha1, sha256, sha512, ssl, tls, md5, md2, random (for random number generation), and friendly (meaning certificates are publicly readable).
...rnal pkcs #11 module" -dbdir sql:/home/my/sharednssdb ----------------------------------------------------------- name: nss internal pkcs #11 module library file: **internal only module** manufacturer: mozilla foundation description: nss internal crypto services pkcs #11 version 2.20 library version: 3.11 cipher enable flags: none default mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:aes slot: nss internal cryptographic services slot mechanism flags: rsa:rc2:rc4:des:dh:sha1:md5:md2:ssl:tls:aes manufacturer: mozilla foundation type: software version number: 3.11 firmware version: 0.0 status: enabled token name: nss generic crypto services token manufacturer: mozilla foundation token model: nss 3 token serial number: 0000000000000000 tok...
...certprefix= keyprefix= secmod=secmod.db flags=readonly " nss="trustorder=75 cipherorder=100 slotparams={0x00000001=[slotflags=rsa,rc4,rc2,des,dh,sha1,md5,md2,ssl,tls,aes,random askpw=any timeout=30 ] } flags=internal,critical" setting a default provider for security mechanisms multiple security modules may provide support for the same security mechanisms.

nsIPrintingPrompt
a xul dialog method overview void showpagesetup(in nsiprintsettings printsettings, in nsiobserver aobs); void showprintdialog(in nsiwebbrowserprint webbrowserprint, in nsiprintsettings printsettings); void showprogress(in nsiwebbrowserprint webbrowserprint, in nsiprintsettings printsettings, in nsiobserver opendialogobserver, in boolean isforprinting, out nsiwebprogresslistener webprogresslistener, out nsiprintprogressparams printprogressparams, out boolean notifyonopen); methods showpagesetup() shows the print progress dialog.
... void showprogress( in nsiwebbrowserprint webbrowserprint, in nsiprintsettings printsettings, in nsiobserver opendialogobserver, in boolean isforprinting, out nsiwebprogresslistener webprogresslistener, out nsiprintprogressparams printprogressparams, out boolean notifyonopen ); parameters webbrowserprint represents the document to be printed.
... webprogresslistener additional listener can be registered for progress notifications.

nsISocketProvider
it is implemented by several types of socket classes like: udp, socks, tls, ssl, and so on.
...for example, an ssl connection would not send any client-certificates if this flag is set.
...for example, ssl via a socks proxy.

nsISpeculativeConnect
netwerk/base/public/nsispeculativeconnect.idlscriptable lets non-networking code provide hints to the networking layer that an http connection attempt to a particular site is likely to happen soon; this lets the networking layer begin setting up tcp and, if appropriate, ssl handshakes to save time when the connection is actually opened later.
...the code implementing this method may use this information to start a tcp and/or ssl level handshake for that resource immediately so that it is ready (or at least in the process of becoming ready) when the transaction is actually submitted.
...acallbacks any security callbacks for use with ssl for interfaces such as nsibadcertlistener.

nsIWebBrowser
the chrome object may optionally implement nsiwebprogresslistener instead of explicitly calling addwebbrowserlistener() and removewebbrowserlistener() to register a progress listener object.
...typically this method will be called to register an object to receive nsiwebprogresslistener or nsishistorylistener notifications in which case the the iid is that of the interface.
... see also nsibasewindow nsicontextmenulistener nsidomwindow nsiembeddingsitewindow nsiinterfacerequestor nsishistorylistener nsitooltiplistener nsiuricontentlistener nsiweakreference nsiwebbrowserchrome nsiwebbrowserchromefocus nsiwebprogresslistener ...

Autoconfiguration in Thunderbird
guessing if all other mechanisms failed, thunderbird tries to guess the configuration, by trying common server names like imap.<domain>, smtp.<domain>, mail.<domain> etc., and, when a mail server answers, checking whether it supports ssl, starttls and encrypted passwords (cram-md5).
... configuration server at isp given the email address "fred@example.com", thunderbird checks <https://autoconfig.example.com/mail/config-v1.1.xml?emailaddress=fred@example.com> (preferred) and <https://example.com/.well-known/autoconfig/mail/config-v1.1.xml> and the same urls with http (see section ssl below).
... server_name autoconfig.*; location / { root /var/www/autoconfig; } } ssl https was added in june 2019 to the spec.

DOMTokenList.remove() - Web APIs
return value undefined examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; classes.remove("c"); span.textcontent = classes; the output looks like this: to remove multiple classes at once, you can supply multiple tokens.
... the order you supply the tokens doesn't have to match the order they appear in the list: let span2 = document.getelementsbytagname("span")[0] let classes2 = span.classlist; classes2.remove("c", "b"); span2.textcontent = classes; specifications specification status comment domthe definition of 'remove()' in that specification.

DOMTokenList.replace() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; let result = classes.replace("c", "z"); console.log(result); if (result) { span.textcontent = classes; } else { span.textcontent = 'token not replaced successfully'; } the output looks like this: polyfill the following polyfill will add the replace method to the domtokenlist class.
...to use with earlier versions of ie, refer to the polyfill at element.classlist#polyfill domtokenlist.prototype.replace = function (a, b) { if (this.contains(a)) { this.add(b); this.remove(a); return true; } return false; } specifications specification status comment domthe definition of 'replace()' in that specification.

animation - CSS: Cascading Style Sheets
ar 1s slidein; } .a3 { animation: 3s slidein; } .animation { background: #3f87a6; width: 100%; height: calc(100% - 1.5em); transform-origin: left center; } window.addeventlistener('load', function () { var animation = array.from(document.queryselectorall('.animation')); var button = array.from(document.queryselectorall('button')); function togglebutton (btn, type) { btn.classlist.remove('play', 'pause', 'restart'); btn.classlist.add(type); btn.title = type.touppercase(type); } function playpause (i) { var btn = button[i]; var anim = animation[i]; if (btn.classlist.contains('play')) { anim.style.animationplaystate = 'running'; togglebutton(btn, 'pause'); } else if (btn.classlist.contains('pause')) { anim.style.animationpl...
...aystate = 'paused'; togglebutton(btn, 'play'); } else { anim.classlist.remove('a' + (i + 1)); settimeout(function () { togglebutton(btn, i === 0 ?
... 'play' : 'pause'); anim.style.animationplaystate = ''; anim.classlist.add('a' + (i + 1)); }, 100) } } animation.foreach(function (node, index) { node.addeventlistener('animationstart', function () { togglebutton(button[index], 'pause'); }); node.addeventlistener('animationend', function () { togglebutton(button[index], 'restart'); }); }); button.foreach(function (btn, index) { btn.addeventlistener('click', function () { playpause(index); }); }); }) a description of which properties are animatable is available; it's worth noting that this description is also valid for css transitions.

Evolution of HTTP - HTTP
instead of sending http over a basic tcp/ip stack, netscape communications created an additional encrypted transmission layer on top of it: ssl.
... ssl 1.0 was never released outside the company, but ssl 2.0 and its successor ssl 3.0 allowed for the creation of e-commerce web sites by encrypting and guaranteeing the authenticity of the messages exchanged between the server and client.
... ssl was put on the standards track and eventually became tls, with versions 1.0, 1.1, 1.2, and 1.3 appearing successfully to close vulnerabilities.

HTTP Public Key Pinning (HPKP) - HTTP
openssl rsa -in my-rsa-key-file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 openssl ec -in my-ecc-key-file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 openssl req -in my-signing-request.csr -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 openssl x509 -in my-certificate.crt -pubkey...
... -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 the following command will extract the base64 encoded information for a website.
... openssl s_client -servername www.example.com -connect www.example.com:443 | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 example hpkp header public-key-pins: pin-sha256="cupctazwkaasuywhhnedttwpy3obake3h2+sozs7sws="; pin-sha256="m8hztczm3eluxkcjr2s5p4hhybnf6lhkmjahkhpgpwe="; max-age=5184000; includesubdomains; report-uri="https://www.example.org/hpkp-report" in this example, pin-sha256="cupctazwkaasuywhhnedttwpy3obake3h2+sozs7sws=" pins the server's public key used in production.

Embedding FAQ - Archive of obsolete content
here is the code : import org.eclipse.swt.swt; import org.eclipse.swt.browser.mozillabrowser; import org.eclipse.swt.browser.progressevent; import org.eclipse.swt.browser.progresslistener; import org.eclipse.swt.widgets.display; import org.eclipse.swt.widgets.shell; import org.mozilla.xpcom.nsidomdocument; public class test { public static void main(string args[]) { display display = new display(); shell shell = new shell(display); final mozillabrowser browser = new mozillabrowser(shell,wt.border); br...
...owser.seturl("http://www.google.com"); browser.addprogresslistener(new progresslistener() { public void changed(progressevent event) { } public void completed(progressevent event) { nsidomdocument doc = browser.getdocument(); system.out.println(doc); } }); while (!shell.isdisposed()) { if (!display.readanddispatch()) { display.sleep(); } } } how to map a javascript function to a c++ function define an xpcom class defining the function you'll be doing in javascript.

Monitoring downloads - Archive of obsolete content
this is part of the nsidownloadprogresslistener interface.
... see also storage, nsidownloadmanager, nsidownload, nsidownloadprogresslistener ...

Methods - Archive of obsolete content
« xul reference home acceptdialog additemtoselection addpane addprogresslistener addsession addtab addtabsprogresslistener advance advanceselectedtab appendcustomtoolbar appendgroup appenditem appendnotification blur cancel canceldialog centerwindowonscreen checkadjacentelement clearresults clearselection click close collapsetoolbar contains decrease decreasepage docommand ensureelementisvisible ensureindexisvisible ensureselectedelementisvisible expandtoolbar extra1 extra2 focus getbrowseratindex getbrowserfordocument getbrowserfortab getbrowserindexfordocument getbutton getdefaultsession geteditor getelementsbyattribute getelementsbyattributens getformattedstring gethtmleditor getindexoffir...
...to movetoalertposition onsearchcomplete ontextentered ontextreverted openpopup openpopupatscreen opensubdialog openwindow preferenceforelement reload reloadalltabs reloadtab reloadwithflags removeallitems removeallnotifications removealltabsbut removecurrentnotification removecurrenttab removeitemat removeitemfromselection removenotification removeprogresslistener removesession removetab removetabsprogresslistener removetransientnotifications replacegroup reset rewind scrollbyindex scrollbypixels scrolltoindex select selectall selectitem selectitemrange selecttabatindex setselectionrange showpane showpopup sizeto startediting stop stopediting swapdocshells syncsessions timedselect toggleitemselecti...

XUL Questions and Answers - Archive of obsolete content
what is an example of addprogresslistener?
... an example of this is this: // associate the progress listener for a "browser" to a listener object browserobject.addprogresslistener( listobj, components.interfaces.nsiwebprogress.notify_state_window ); // remember to define the object, something like this: listobj = new object(); listobj.wpl = components.interfaces.nsiwebprogresslistener; listobj.queryinterface = function(aiid) { if (aiid.equals(listobj.wpl) || aiid.equals(components.interfaces.nsisupportsweakreference) || aiid.equals(components.interfaces.nsisupports)) return this; throw components.results.ns_nointerface; } listobj.onstatechange = function(aprogress, arequest, aflag, astatus) { if (aflag & listobj.wpl.state_start) { // this fires when the load event is initiated } else { if (a...

Archived Mozilla and build documentation - Archive of obsolete content
mozilla application framework the mozilla application framework: for powerful, easy to develop cross-platform applications mozilla crypto faq in this document i try to answer some frequently asked questions about the mozilla web browser and mail/news client and its support for ssl, s/mime, and related features based on cryptographic technology.
...using a distributed versioning system like svk takes out much of the hassle of managing your patches.

Gecko FAQ - Gecko Redirect 1
xml 1.0: full support, except for processing to manipulate default attributes rdf: full support, except for abouteach, abouteachprefix, and parsetype javascript 1.5, including ecma-262 edition 3 (ecmascript) compliance, except for date.todatestring and date.totimestring, which are not implemented transfer protocols: http 1.1 (including gzip compression), ftp ssl unicode oji (open java interface) image formats png gif jpeg, pjpeg does "full support" mean that gecko has zero bugs today or will have zero bugs at some point in the future?
... also bug reports marked with the css1, css2, and css3 keywords) dom: see dom0, dom1, dom2 and event handling components xml rdf core javascript language interpreter (javascript engine) http 1.1 compliance bugs should generally be found on the networking, networking - general, and networking: cache components oji imagelib image library (see also jpeg image handling and png image handling) ssl-related bugs are filed on the crypto component for information about the known bugs of a specific commercial product based on gecko, see that product's release notes.

Transport Layer Security (TLS) - MDN Web Docs Glossary: Definitions of Web-related terms
transport layer security (tls), formerly known as secure sockets layer (ssl), is a protocol used by applications to communicate securely across a network, preventing tampering with and eavesdropping on email, web browsing, messaging, and other protocols.
... both ssl and tls are client / server protocols that ensure communication privacy by using cryptographic protocols to provide security over a network.

Example 3 - Learn web development
ct .option { padding: .2em .3em; } .select .highlight { background: #000; color: #ffffff; } javascript content // ------- // // helpers // // ------- // nodelist.prototype.foreach = function (callback) { array.prototype.foreach.call(this, callback); } // -------------------- // // function definitions // // -------------------- // function deactivateselect(select) { if (!select.classlist.contains('active')) return; var optlist = select.queryselector('.optlist'); optlist.classlist.add('hidden'); select.classlist.remove('active'); } function activeselect(select, selectlist) { if (select.classlist.contains('active')) return; selectlist.foreach(deactivateselect); select.classlist.add('active'); }; function toggleoptlist(select, show) { var optlist = select.query...
...selector('.optlist'); optlist.classlist.toggle('hidden'); } function highlightoption(select, option) { var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (other) { other.classlist.remove('highlight'); }); option.classlist.add('highlight'); }; // ------------- // // event binding // // ------------- // window.addeventlistener("load", function () { var form = document.queryselector('form'); form.classlist.remove("no-widget"); form.classlist.add("widget"); }); window.addeventlistener('load', function () { var selectlist = document.queryselectorall('.select'); selectlist.foreach(function (select) { var optionlist = select.queryselectorall('.option'); optionlist.foreach(function (option) { option.addeventlistener('mouseo...

Handling common HTML and CSS problems - Learn web development
what you really want is a linter that will fit into your standard workflow with the minimum of hassle.
...after that, install the linter-csslint plugin for linting css, and the linter-tidy plugin for linting html.

Simple SeaMonkey build
debian linux: # this one-liner should install all necessary build deps sudo aptitude install zip mercurial libasound2-dev libcurl4-openssl-dev libnotify-dev libxt-dev libiw-dev libidl-dev mesa-common-dev autoconf2.13 yasm libgtk2.0-dev libdbus-1-dev libdbus-glib-1-dev python-dev libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev libpulse-dev ubuntu linux # for ubuntu 12.04 lts (precise pangolin), replace the following line with: sudo apt-get build-dep thunderbird sudo apt-get build-dep seamonkey sudo apt-ge...
...t install zip unzip mercurial g++ make autoconf2.13 yasm libgtk2.0-dev libglib2.0-dev libdbus-1-dev libdbus-glib-1-dev libasound2-dev libcurl4-openssl-dev libnotify-dev libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev libiw-dev libxt-dev mesa-common-dev libpulse-dev fedora linux centos rhel: sudo yum groupinstall 'development tools' 'development libraries' 'gnome software development' sudo yum install mercurial autoconf213 glibc-static libstdc++-static yasm wireless-tools-devel mesa-libgl-devel alsa-lib-devel libxt-devel gstreamer-devel gstreamer-plugins-base-devel pulseaudio-libs-devel # 'development tools' is defunct in fedora 19 and above use the following sudo yum groupinstall 'c development tools and libraries' sudo yum group mark install "x software deve...

The Firefox codebase: CSS Guidelines
classlist is generally better than classname.
...the chrome area of firefox uses colors as authored, which is why using pre-defined variables, currentcolor or inheritance is useful to integrate with the system theme with little hassle.

Limitations of chrome scripts
nsiwebprogresslistener this api will work in the chrome process.
... alternatively, you can use nsiwebprogresslistener in the content process.

Getting Started with Chat
you will need to use the following information to configure the server connection: server: irc.mozilla.org port: 6667 (default) or 6697 (ssl) desktop clients desktop clients tens to allow the most detailed configuration.
... for example, you can connect using ssl or a non-secure connection, and you can configure the client to automatically connect to a server and join a particular set of channels when you start the client.

L20n Javascript API
ctx.localize(['hello', 'new'], function(l10n) { var node = document.queryselector('[data-l10n-id=hello]'); node.textcontent = l10n.entities.hello.value; node.classlist.remove('hidden'); }); ctx.registerlocales(defaultlocale: string?, availablelocales: array<string>?) register the default locale of the context instance, as well as all other locales available to the context instance before the language negotiation.
... ctx.localize(['hello', 'about'], function(l10n) { var node = document.queryselector('[data-l10n-id=hello]'); node.textcontent = l10n.entities.hello.value; node.classlist.remove('hidden'); }); the callback becomes bound to the entities on the ids list.

Certificate functions
if documentation is available for a function listed below, the function name is linked to either its mdc wiki page or its entry in the old ssl reference.
...e mxr 3.10 and later cert_getnextnameconstraint mxr 3.10 and later cert_getocspresponsestatus mxr 3.6 and later cert_getocspstatusforcertid mxr 3.6 and later cert_getoidstring mxr 3.9 and later cert_getorgname mxr 3.2 and later cert_getorgunitname mxr 3.2 and later cert_getocspauthorityinfoaccesslocation mxr 3.4 and later cert_getpkixverifynistrevocationpolicy mxr 3.12 and later cert_getprevgeneralname mxr 3.10 and later cert_getprevnameconstraint mxr 3.10 and later cert_getsloptime mxr 3.2 and later cert_getsslcacerts mxr 3.2 and later cert_getstatename mxr 3.2 and later cert_getusepki...

NSS_3.11.10_release_notes.html
bug 387892: add entrust root ca certificate(s) to nss bug 396999: pk11_authenticate bug 397478: lock from ssl_initsymwrapkeyslock not freed on selfserv shutdown.
... bug 398680: assertion botch in ssl3_registerserverhelloextensionsender doing second handshake with ssl_forcehandshake bug 403240: threads hanging in nss_initlock bug 403888: memory leak in trustdomain.c bug 416067: certutil -l -h token doesn't report token authentication failure bug 417637: tstclnt crashes if -p option is not specified bug 421634: don't send an sni client hello extension bearing an ipv6 address bug 422918: add verisign class 3 public primary ca - g5 to nss bug 424152: add thawte primary root ca to nss bug 424169: add geotrust primary certification authority root to nss bug 425469: add multiple new roots: geotrust bug 426568: add comodo certification authority certificate to nss bug 4313...

NSS 3.12.9 release notes
new in nss 3.12.9 removed functions new ssl options new error codes bugs fixed the following bugs have been fixed in nss 3.12.9.
... bug 536485: crash during ssl handshake in [@ intel_aes_decrypt_cbc_256] bug 444367: nss 3.12 softoken returns the certificate type of a certificate object as ckc_x_509_attr_cert.

NSS 3.15.2 release notes
bug 884178 - add pk11_cipherfinal macro bugs fixed in nss 3.15.2 bug 734007 - sizeof() used incorrectly bug 900971 - nssutil_readsecmoddb() leaks memory bug 681839 - allow ssl_handshakenegotiatedextension to be called before the handshake is finished.
... bug 848384 - deprecate the ssl cipher policy code, as it's no longer relevant.

NSS 3.15.5 release notes
two ssl socket options, ssl_enable_npn and ssl_enable_alpn, can be used to control whether npn or alpn (or both) should be used for application layer protocol negotiation.
... notable changes in nss 3.15.5 bug 950129: improve the ocsp fetching policy when verifying ocsp responses bug 949060: validate the iov input argument (an array of priovec structures) of ssl_writev (called via pr_writev).

NSS 3.17.4 release notes
notable changes in nss 3.17.4 bug 1084986: if an ssl/tls connection fails, because client and server don't have any common protocol version enabled, nss has been changed to report error code ssl_error_unsupported_version (instead of reporting ssl_error_no_cypher_overlap).
... bug 1119983: fixed interoperability of nss server code with a libressl client.

NSS 3.19.1 release notes
nss 3.19.1 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_19_1_rtm/src/ security fixes in nss 3.19.1 bug 1138554 / cve-2015-4000 - the minimum strength of keys that libssl will accept for finite field algorithms (rsa, diffie-hellman, and dsa) have been increased to 1023 bits.
...this affects the key strength values that are reported by ssl_getchannelinfo.

NSS 3.23 release notes
new functions in ssl.h ssl_setdowngradecheckversion - set maximum version for new serverrandom anti-downgrade mechanism.
... notable changes in nss 3.23 the copy of sqlite shipped with nss has been updated to version 3.10.2 (bug 1234698) the list of tls extensions sent in the tls handshake has been reordered to increase compatibility of the extended master secret with servers (bug 1243641) the build time environment variable nss_enable_zlib has been renamed to nss_ssl_enable_zlib (bug 1243872).

NSS 3.25 release notes
new functions in nssckfw.h nssckfwslot_getslotid nssckfwsession_getfwslot nssckfwinstance_destroysessionhandle nssckfwinstance_findsessionhandle notable changes in nss 3.25 an ssl socket can no longer be configured to allow both tls 1.3 and ssl v3.
... regression fix: nss no longer reports a failure if an application attempts to disable the ssl v2 protocol.

NSS 3.27 release notes
nss 3.27 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_27_rtm/src/ new in nss 3.27 new functionality allow custom named group priorities for tls key exchange handshake (ssl_namedgroupconfig).
... added support for rsa-pss signatures in tls 1.2 and tls 1.3 new functions in ssl.h ssl_namedgroupconfig notable changes in nss 3.27 update 2016-10-02: the maximum tls version supported has been increased to tls 1.3 (draft).

NSS 3.28.5 release notes
sha-256 fingerprint: 32:7a:3d:76:1a:ba:de:a0:34:eb:99:84:06:27:5c:b1:a4:77:6e:fd:ae:2f:df:6d:01:68:ea:1c:4f:55:67:d0 the following ca certificates were added: cn = d-trust root ca 3 2013 sha-256 fingerprint: a1:a8:6d:04:12:1e:b8:7f:02:7c:66:f5:33:03:c2:8e:57:39:f9:43:fc:84:b3:8a:d6:af:00:90:35:dd:94:57 trust flags: email cn = tubitak kamu sm ssl kok sertifikasi - surum 1 sha-256 fingerprint: 46:ed:c3:68:90:46:d5:3a:45:3f:b3:10:4a:b8:0d:ca:ec:65:8b:26:60:ea:16:29:dd:7e:86:79:90:64:87:16 trust flags: websites technically constrained to: gov.tr, k12.tr, pol.tr, mil.tr, tsk.tr, kep.tr, bel.tr, edu.tr, org.tr the version number of the updated root ca list has been set to 2.14.
... bug 1349705 - implemented domain name constraints for ca: tubitak kamu sm ssl kok sertifikasi - surum 1.

NSS 3.30.2 release notes
sha-256 fingerprint: 32:7a:3d:76:1a:ba:de:a0:34:eb:99:84:06:27:5c:b1:a4:77:6e:fd:ae:2f:df:6d:01:68:ea:1c:4f:55:67:d0 the following ca certificates were added: cn = d-trust root ca 3 2013 sha-256 fingerprint: a1:a8:6d:04:12:1e:b8:7f:02:7c:66:f5:33:03:c2:8e:57:39:f9:43:fc:84:b3:8a:d6:af:00:90:35:dd:94:57 trust flags: email cn = tubitak kamu sm ssl kok sertifikasi - surum 1 sha-256 fingerprint: 46:ed:c3:68:90:46:d5:3a:45:3f:b3:10:4a:b8:0d:ca:ec:65:8b:26:60:ea:16:29:dd:7e:86:79:90:64:87:16 trust flags: websites technically constrained to: gov.tr, k12.tr, pol.tr, mil.tr, tsk.tr, kep.tr, bel.tr, edu.tr, org.tr the version number of the updated root ca list has been set to 2.14 (the version numbers 2.12 and ...
...2.13 for the root ca list have been skipped.) bugs fixed in nss 3.30.2 bug 1350859 - march 2017 batch of root ca changes bug 1349705 - implemented domain name constraints for ca: tubitak kamu sm ssl kok sertifikasi - surum 1 compatibility nss 3.30.2 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.30 release notes
support for callback functions that can be used to monitor ssl/tls alerts that are sent or received.
... in ssl.h ssl_alertreceivedcallback - register a callback function, that will be called whenever an ssl/tls alert is received ssl_alertsentcallback - register a callback function, that will be called whenever an ssl/tls alert is sent ssl_setsessionticketkeypair - configures an asymmetric key pair, for use in wrapping session ticket keys, used by the server.

NSS 3.39 release notes
support for these keys is disabled by default but can be enabled using ssl_signatureschemeprefset().
...98c18d91b4cfdffbc25ee9103d4758ea2abad826a90f3457d460eb4 cn = opentrust root ca g2 sha-256 fingerprint: 27995829fe6a7515c1bfe848f9c4761db16c225929257bf40d0894f29ea8baf2 cn = opentrust root ca g3 sha-256 fingerprint: b7c36231706e81078c367cb896198f1e3208dd926949dd8f5709a410f75b6292 bugs fixed in nss 3.39 bug 1483128 - nss responded to an sslv2-compatible clienthello with a serverhello that had an all-zero random (cve-2018-12384) this bugzilla query returns all the bugs fixed in nss 3.39: https://bugzilla.mozilla.org/buglist.cgi?resolution=fixed&classification=components&query_format=advanced&product=nss&target_milestone=3.39 compatibility nss 3.39 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.43 release notes
new in nss 3.43 new functionality new functions in sechash.h hash_gethashoidtagbyhashtype - convert type hash_hashtype to type secoidtag in sslexp.h ssl_sendcertificaterequest - allow server to request post-handshake client authentication.
... to use this both peers need to enable the ssl_enable_post_handshake_auth option.

NSS 3.51.1 release notes
bug 1618739 - don't assert fuzzer behavior in ssl_parsesessionticket.
... bug 1618915 - fix ubsan issue in ssl_parsesessionticket.

NSS Developer Tutorial
the proper use of tabs has often been confusing for new nss developers, so in nss/lib/ssl, we're gradually removing the use of tabs.
... only functions listed in the symbol export lists (nss.def, ssl.def, smime.def, etc.) are truly public functions.

nss tech note7
(this api pretty much consists of what was needed to implement ssl and s/mime, plus a few enhancements over the years to support jss.) when using the pk11_ interfaces, the same principal applies: use the highest available function.
...it's used to support ssl2, which modifies the key encoding to include the ssl version number.

NSS Tech Notes
tn4: pulling certificate extension information out of ssl certificates.
... tn8: background information on libssl's cache functions and sids.

PKCS11 Implement
signing tokens include a signing certificate and are used to sign objects or messages or to perform ssl authentication.
... pkcs #11 functions required for different kinds of tokens external key distribution tokens signing tokens signing and decryption tokens multipurpose tokens c_encrypt c_decrypt ckm_rsa_pkcs ckm_rsa_x_509 (ssl 2.0 server only) c_decrypt ckm_rsa_pkcs ckm_rsa_x_509 (ssl 2.0 server only) c_decrypt c_sign ckm_rsa_pkcs ckm_dsa c_sign ckm_rsa_pkcs ckm_dsa c_sign ckm_rsa_pkcs ckm_dsa c_sign ckm_rsa_pkcs ckm_dsa c_verify ckm_rsa_pkcs ckm_dsa c_verifyrecover ckm_rsa_pkcs c_generatekey c_generatekeypair (if token is read/write)c_generatekeypair (if token is read/write) c_gene...

NSS Tools
source, documentation, tasks/plans sslstrength ssl strength documentation ssltap 3.2 proxy requests for an ssl server and display the contents of the messages exchanged between the client and server.
... the ssltap tool does not decrypt data, but it shows things like the type of ssl message (clienthello, serverhello, etc) and connection data (protocol version, cipher suite, etc).

Mozilla Projects
applications built with nss can support ssl v3, tls, pkcs #5, pkcs #7, pkcs #11, pkcs #12, s/mime, x.509 v3 certificates, and other security standards.
...these operations include setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), and other common pki functions.

XPCOM array guide
// temporary stack-based nscomarray nscomarray<nsifoo> fooitems; getcompletelist(fooitems); // now filter out non visible objects // doing this backwards pruint32 i = fooitems.count(); while (i > 0) { --i; prbool isvisible; fooitems[i]->getisvisible(&isvisible); if (!isvisible) { fooitems.removeobjectat(i); } } // now deal with the processed list processlist(fooitems); // fooitems will release all its members // when it goes out of scope } access to elements nscomarray<t> is a concrete c++ class, and so the [] operator is used to access its members.
.../ temporary stack-based nstarray nstarray<foostruct> fooitems; getcompletelist(fooitems); // now filter out non visible objects // doing this backwards pruint32 i = fooitems.length(); while (i > 0) { --i; prbool isvisible; fooitems[i]->getisvisible(&isvisible); if (!isvisible) { fooitems.removeelementat(i); } } // now deal with the processed list processlist(fooitems); // fooitems will call the destructors of all the foostruct objects // when it goes out of scope } access to elements nstarray<t> is a concrete c++ class, and so the [] operator is used to access its members.

nsIDocShell
beginrestore() begin firing webprogresslistener notifications for restoring a page presentation.
...finishrestore() finish firing webprogresslistener notifications and dom events for restoring a page presentation.

nsITransportSecurityInfo
the possible values are defined in nsiwebprogresslistener.
... shortsecuritydescription wstring for secure connections (ssl) gives the common name (cn) of the certifying authority.

Address Book examples
ectoryproperty;1"] .createinstance(components.interfaces.nsiabdirectory); maillist.ismaillist = true; now fill in the details you want to store: maillist.dirname = "my mailing list"; maillist.listnickname = "nickname for list"; maillist.description = "list description"; add the cards you want to include in the list: for (let i = 0; i < numcards; i++) maillist.addresslists.appendelement(card[i], false); now save the list: var parentdirectory = ...; // an nsiabdirectory for the parent of the mailing list.
...cription"); then you need to get the equivalent mailing list object that implements nsiabdirectory: let abmanager = components.classes["@mozilla.org/abmanager;1"] .getservice(components.interfaces.nsiabmanager); let maillistdirectory = abmanager.getdirectory(maillistcard.maillisturi); you can then adjust the items in the actual mailing list: maillistdirectory.addresslists.appendelement(newcard, false); then save the updated list to the database: maillistdirectory.editmaillisttodatabase(maillistcard); deleting a mailing list there are two ways to delete a mailing list.

Zombie compartments
[2] │ │ │ └───5.83 mb (01.17%) -- (4 tiny) │ │ │ ├──4.19 mb (00.84%) ++ layout │ │ │ ├──1.03 mb (00.21%) ── style-sheets [2] │ │ │ ├──0.60 mb (00.12%) ++ dom │ │ │ └──0.01 mb (00.00%) ── property-tables [2] │ │ ├───8.86 mb (01.78%) -- cached/window(https://www.google.de/?gws_rd=ssl) │ │ │ ├──4.23 mb (00.85%) -- layout │ │ │ │ ├──3.80 mb (00.76%) ── style-sets │ │ │ │ ├──0.29 mb (00.06%) ── pres-shell │ │ │ │ ├──0.05 mb (00.01%) ── rule-nodes │ │ │ │ ├──0.04 mb (00.01%) ── style-contexts │ │ │ │ ├──0.03 mb (00.01%) -- frames │ │ │ �...
...─0.02 mb (00.00%) ── sundries │ │ │ │ │ └──0.01 mb (00.00%) ── nsblockframe │ │ │ │ ├──0.01 mb (00.00%) ── pres-contexts │ │ │ │ ├──0.01 mb (00.00%) ── line-boxes │ │ │ │ └──0.00 mb (00.00%) ── text-runs │ │ │ ├──3.78 mb (00.76%) ++ js-compartment(https://www.google.de/?gws_rd=ssl) │ │ │ ├──0.51 mb (00.10%) ── style-sheets │ │ │ ├──0.33 mb (00.07%) -- dom │ │ │ │ ├──0.17 mb (00.04%) ── text-nodes │ │ │ │ ├──0.13 mb (00.03%) ── element-nodes │ │ │ │ ├──0.02 mb (00.00%) ── other │ │ │ │ ├──0.01 mb (00.00%) ── orphan-nodes │ │ │ │ ...

DOMTokenList.add() - Web APIs
return value undefined examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; classes.add("d"); span.textcontent = classes; the output looks like this: you can add multiple tokens as well: span.classlist.add("d", "e", "f"); specifications specification status comment domthe definition of 'add()' in that specification.

DOMTokenList.contains() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; let result = classes.contains("c"); if (result) { span.textcontent = "the classlist contains 'c'"; } else { span.textcontent = "the classlist does not contain 'c'"; } the output looks like this: specifications specification status comment domthe definition of 'contains()' in that specification.

DOMTokenList.entries() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; let iterator = classes.entries(); for (let value of iterator) { span.textcontent += value + ' ++ '; } the output looks like this: specifications specification status comment domthe definition of 'entries() (as iterable<node>)' in that specification.

DOMTokenList.forEach() - Web APIs
example in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... html <span class="a b c"></span> javascript let span = document.queryselector("span"); let classes = span.classlist; let iterator = classes.values(); classes.foreach( function(value, key, listobj) { span.textcontent += `${value} ${key}/${this} ++ `; }, "arg" ); result polyfill this polyfill adds compatibility to all browsers supporting es5: if (window.domtokenlist && !domtokenlist.prototype.foreach) { domtokenlist.prototype.foreach = function (callback, thisarg) { thisarg = thisarg || window; for (var i = 0; i < this.length; i++) { callback.call(thisarg, this[i], i, this); } }; } specification...

DOMTokenList.item() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; let item = classes.item(classes.length-1); span.textcontent = item; the output looks like this: specifications specification status comment domthe definition of 'item()' in that specification.

DOMTokenList.keys() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: var span = document.queryselector("span"); var classes = span.classlist; var iterator = classes.keys(); for(var value of iterator) { span.textcontent += value + ' ++ '; } the output looks like this: specifications specification status comment domthe definition of 'keys() (as iterable<node>)' in that specification.

DOMTokenList.length - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist, then write the length of the list to the <span>'s node.textcontent.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; let length = classes.length; span.textcontent = `classlist length = ${length}`; the output looks like this: specifications specification status comment domthe definition of 'length' in that specification.

DOMTokenList.toggle() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b">classlist is 'a b'</span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; span.addeventlistener('click', function() { let result = classes.toggle("c"); if (result) { span.textcontent = `'c' added; classlist is now "${classes}".`; } else { span.textcontent = `'c' removed; classlist is now "${classes}".`; } }) the output looks like this: specifications specification status comment domthe definition of 'toggle()' in that specification.

DOMTokenList.value - Web APIs
syntax tokenlist.value; value a domstring examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist, then write the value of the list to the <span>'s node.textcontent.
... first, the html: <span class="a b c"></span> now the javascript: let span = document.queryselector("span"); let classes = span.classlist; span.textcontent = classes.value; the output looks like this: specifications specification status comment domthe definition of 'value' in that specification.

DOMTokenList.values() - Web APIs
examples in the following example we retrieve the list of classes set on a <span> element as a domtokenlist using element.classlist.
... first, the html: <span class="a b c"></span> now the javascript: var span = document.queryselector("span"); var classes = span.classlist; var iterator = classes.values(); for(var value of iterator) { span.textcontent += value + ' ++ '; } the output looks like this: specifications specification status comment domthe definition of 'values() (as iterable<node>)' in that specification.

HTMLElement: animationcancel event - Web APIs
tioneventlog.textcontent}'animation started' `; }); animation.addeventlistener('animationiteration', () => { iterationcount++; animationeventlog.textcontent = `${animationeventlog.textcontent}'animation iterations: ${iterationcount}' `; }); animation.addeventlistener('animationend', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation ended'`; animation.classlist.remove('active'); applyanimation.textcontent = "activate animation"; }); animation.addeventlistener('animationcancel', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation canceled'`; }); applyanimation.addeventlistener('click', () => { animation.classlist.toggle('active'); animationeventlog.textcontent = ''; iterationcount = 0; let active = animati...
...on.classlist.contains('active'); if (active) { applyanimation.textcontent = "cancel animation"; } else { applyanimation.textcontent = "activate animation"; } }); result specifications specification status comment css animations working draft initial definition ...

HTMLElement: animationend event - Web APIs
tioneventlog.textcontent}'animation started' `; }); animation.addeventlistener('animationiteration', () => { iterationcount++; animationeventlog.textcontent = `${animationeventlog.textcontent}'animation iterations: ${iterationcount}' `; }); animation.addeventlistener('animationend', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation ended'`; animation.classlist.remove('active'); applyanimation.textcontent = "activate animation"; }); animation.addeventlistener('animationcancel', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation canceled'`; }); applyanimation.addeventlistener('click', () => { animation.classlist.toggle('active'); animationeventlog.textcontent = ''; iterationcount = 0; let active = animati...
...on.classlist.contains('active'); if (active) { applyanimation.textcontent = "cancel animation"; } else { applyanimation.textcontent = "activate animation"; } }); result specifications specification status comment css animations working draft initial definition ...

HTMLElement: animationiteration event - Web APIs
tioneventlog.textcontent}'animation started' `; }); animation.addeventlistener('animationiteration', () => { iterationcount++; animationeventlog.textcontent = `${animationeventlog.textcontent}'animation iterations: ${iterationcount}' `; }); animation.addeventlistener('animationend', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation ended'`; animation.classlist.remove('active'); applyanimation.textcontent = "activate animation"; }); animation.addeventlistener('animationcancel', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation canceled'`; }); applyanimation.addeventlistener('click', () => { animation.classlist.toggle('active'); animationeventlog.textcontent = ''; iterationcount = 0; let active = animati...
...on.classlist.contains('active'); if (active) { applyanimation.textcontent = "cancel animation"; } else { applyanimation.textcontent = "activate animation"; } }); result specifications specification status comment css animations working draft initial definition ...

HTMLElement: animationstart event - Web APIs
tioneventlog.textcontent}'animation started' `; }); animation.addeventlistener('animationiteration', () => { iterationcount++; animationeventlog.textcontent = `${animationeventlog.textcontent}'animation iterations: ${iterationcount}' `; }); animation.addeventlistener('animationend', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation ended'`; animation.classlist.remove('active'); applyanimation.textcontent = "activate animation"; }); animation.addeventlistener('animationcancel', () => { animationeventlog.textcontent = `${animationeventlog.textcontent}'animation canceled'`; }); applyanimation.addeventlistener('click', () => { animation.classlist.toggle('active'); animationeventlog.textcontent = ''; iterationcount = 0; let active = animati...
...on.classlist.contains('active'); if (active) { applyanimation.textcontent = "cancel animation"; } else { applyanimation.textcontent = "activate animation"; } }); result specifications specification status comment css animations working draft initial definition ...

Ajax navigation example - Web APIs
url(opageinfo.url, "json"), true); oreq.send(); oloadingbox.parentnode || document.body.appendchild(oloadingbox); } function requestpage (surl) { if (history.pushstate) { bupdateurl = true; getpage(surl); } else { /* ajax navigation is not supported */ location.assign(surl); } } function processlink () { if (this.classname === sajaxclass) { requestpage(this.href); return false; } return true; } function init () { opageinfo.title = document.title; history.replacestate(opageinfo, opageinfo.title, opageinfo.url); for (var olink, nidx = 0, nlen = document.links.length; nidx < nlen; document.links[nidx++].onclick ...
...= processlink); } const /* customizable constants */ stargetid = "ajax-content", sviewkey = "view_as", sajaxclass = "ajax-nav", /* not customizable constants */ rsearch = /\?.*$/, rhost = /^[^\?]*\?*&*/, rview = new regexp("&" + sviewkey + "\\=[^&]*|&*$", "i"), rendqstmark = /\?$/, oloadingbox = document.createelement("div"), ocover = document.createelement("div"), oloadingimg = new image(), opageinfo = { title: null, url: location.href }, ohttpstatus = /* http://www.iana.org/assignments/http-status-codes/http-status-codes.xml */ { 100: "continue", 101: "switching protocols", 102: "processing", 200: "ok", 201: "created", 202: "accep...

SubtleCrypto.deriveBits() - Web APIs
async function derivesharedsecret(privatekey, publickey) { const sharedsecret = await window.crypto.subtle.derivebits( { name: "ecdh", namedcurve: "p-384", public: publickey }, privatekey, 128 ); const buffer = new uint8array(sharedsecret, 0, 5); const sharedsecretvalue = document.queryselector(".ecdh .derived-bits-value"); sharedsecretvalue.classlist.add("fade-in"); sharedsecretvalue.addeventlistener("animationend", () => { sharedsecretvalue.classlist.remove("fade-in"); }); sharedsecretvalue.textcontent = `${buffer}...[${sharedsecret.bytelength} bytes total]`; } // generate 2 ecdh key pairs: one for alice and one for bob // in more normal usage, they would generate their key pairs // separately and exchange public keys securely ...
....crypto.getrandomvalues(new uint8array(16)); const derivedbits = await window.crypto.subtle.derivebits( { "name": "pbkdf2", salt: salt, "iterations": 100000, "hash": "sha-256" }, keymaterial, 256 ); const buffer = new uint8array(derivedbits, 0, 5); const derivedbitsvalue = document.queryselector(".pbkdf2 .derived-bits-value"); derivedbitsvalue.classlist.add("fade-in"); derivedbitsvalue.addeventlistener("animationend", () => { derivedbitsvalue.classlist.remove("fade-in"); }); derivedbitsvalue.textcontent = `${buffer}...[${derivedbits.bytelength} bytes total]`; } const derivebitsbutton = document.queryselector(".pbkdf2 .derive-bits-button"); derivebitsbutton.addeventlistener("click", () => { getderivedbits(); }); specifications ...

WebXR permissions and security - Web APIs
inline presentation when you request an xrsession with the mode set to inline, and any features are required or requested, the browser will only allow the session to be created if the call to requestsession() was made by code which is executing expressly due to user intent.
... explicit user intent (explicit user consent) is granted when the user has specifically and expressly been asked for permission to perform an action.

Window.getDefaultComputedStyle() - Web APIs
<style> h3:after { content: ' rocks!'; } </style> <h3>generated content</h3> <script> var h3 = document.queryselector('h3'), result = getdefaultcomputedstyle(h3, ':after').content; console.log('the generated content is: ', result); // returns 'none' </script> notes the returned value is, in certain known cases, expressly incorrect by deliberate intent.
... in particular, to avoid the so called css history leak security issue, browsers may expressly "lie" about the used value for a link and always return values as if a user has never visited the linked site, and/or limit the styles that can be applied using the :visited pseudo-selector.

transition-timing-function - CSS: Cascading Style Sheets
operty: all; transition-duration: 7s; } .parent > div.box1{ width: 90vw; min-width: 24em; background-color: magenta; color: yellow; border: 1px solid orange; transition-property: all; transition-duration: 2s; } function updatetransition() { var els = document.queryselectorall(".parent > div[class]"); for(var c = els.length, i = 0; i < c; i++) { els[i].classlist.toggle("box1"); } } var intervalid = window.setinterval(updatetransition, 10000); .ease { transition-timing-function: ease; } .easein { transition-timing-function: ease-in; } .easeout { transition-timing-function: ease-out; } .easeinout { transition-timing-function: ease-in-out; } .linear { transition-timing-function: linear; } .cb { transition-timing-function: cubic-be...
...property: all; transition-duration:7s; } .parent > div.box1{ width: 90vw; min-width: 24em; background-color: magenta; color: yellow; border: 1px solid orange; transition-property: all; transition-duration:2s; } function updatetransition() { var els = document.queryselectorall(".parent > div[class]"); for(var c = els.length, i = 0; i < c; i++) { els[i].classlist.toggle("box1"); } } var intervalid = window.setinterval(updatetransition, 10000); .jump-start { transition-timing-function: steps(5, jump-start); } .jump-end { transition-timing-function: steps(5, jump-end); } .jump-none { transition-timing-function: steps(5, jump-none); } .jump-both { transition-timing-function: steps(5, jump-both); } .step-start { transition-timing-funct...

Event reference
mozbrowsersecuritychange firefox os browser api-specific sent when the ssl state changes within a browser <iframe>.
... cssruleviewcsslinkclicked devtools specific a link to a css file has been clicked in the "rules" view of the style inspector.

Codecs used by WebRTC - Web media technologies
avc implementations for webrtc are required to support the special "filler payload" and "full frame freeze" sei messages; these are used to support switching among multiple input streams seamlessly.
...neither g.711.0 (lossless compression), g.711.1 (wideband capability), nor any other extensions to the g.711 standard are mandated by webrtc.

The "codecs" parameter in common media types - Web media technologies
also includes support for up to 14 bits per color sample and efficient lossless region coding.
... 27 er parametric (error resilient parametric) 28 ssc (sinusoidal coding) 29 ps (parametric stereo) he-aac v2 30 mpeg surround 31 escape 32 mpeg-1 layer-1 33 mpeg-1 layer-2 (mp2) 34 mpeg-1 layer-3 (mp3) 35 dst (direct stream transfer) 36 als (audio lossless) 37 sls (scalable lossless) 38 sls non-core (scalable lossless non-core) 39 er aac eld (error resilient aac enhanced low delay) 40 smr simple (symbolic music representation simple) 41 smr main (symbolic music representation main) 42 reserved 43 saoc (spatial audio object coding)[1] ...

Classes and Inheritance - Archive of obsolete content
we could of course copy every property from the prototype of shape over to the prototype of circle, but this is needlessly inefficient.

event/core - Archive of obsolete content
to avoid hassles of removing such listeners there is a convenient once function: once(target, 'load', function() { console.log('ready'); }); emit(target, 'load') // info: 'ready' emit(target, 'load') there are also convenient ways to remove registered listeners.

Examples and demos from articles - Archive of obsolete content
xml to json conversion snippets (jxon) jxon (lossless javascript xml object notation) is a generic name by which is defined the representation of javascript objects using xml.

Miscellaneous - Archive of obsolete content
however, if you are not going to cancel the request, you need to "rewind" it by calling: postdata.queryinterface(ci.nsiseekablestream).seek(ci.nsiseekablestream.ns_seek_set, 0); adding custom certificates to a xulrunner application you need to ship a xulrunner application with your own ssl certificates?

On page load - Archive of obsolete content
progress listeners implement the nsiwebprogresslistener interface.

XML-related code snippets - Archive of obsolete content
how to create a dom tree using xmlhttprequest parsing and serializing xml using xpath jxon (lossless javascript xml object notation) xsl transforms xlink xinclude xml:id xml:base support in old browsers xpointer svg namespaces, or why http://www.mozilla.org/keymaster/gat...re.is.only.xul is at the top of every xul document.

Creating custom Firefox extensions with the Mozilla build system - Archive of obsolete content
focus on the fact that once you get the build working, it'll probably work effortlessly from then on.

Extension Versioning, Update and Compatibility - Archive of obsolete content
there are also gnu ports for win (besides usual suspects like cygwin), which are good for non-interactive use: sha256sum file there is also md5deep, which is cross platform: sha256deep file openssl also generates hashes for you: openssl sha256 file if you're on windows, hashtab is a shell extension...

Signing an extension - Archive of obsolete content
signing a firefox extension with a windows authenticode ssl certificate / key - note that some cas do not allow (or support) to divert an authenticode certificate to object signing.

Index of archived content - Archive of obsolete content
s a toolkit bundle supporting private browsing in plugins the first install problem writing a plugin for mac os x xembed extension for mozilla plugins sax security digital signatures encryption and decryption introduction to public-key cryptography introduction to ssl nspr release engineering guide ssl and tls solaris 10 build prerequisites sunbird theme tutorial table reflow internals tamarin tracing build documentation the basics of web services themes building a theme common firefox theme issues and solutions c...

Inner-browsing extending the browser navigation paradigm - Archive of obsolete content
a request to a web server no longer requires a new page to be loaded, in order to update information in a page seamlessly.

List of Mozilla-Based Applications - Archive of obsolete content
aicpcu/iia exam app exam delivery software aliwal geocoder geocoding & data on a map amarok xul remote remote control for amarok music player ample sdk javascript gui-framework aol instant messenger im client uses nss apache web server doesn't use nss by default, but can be configured to use nss with mod_nss ssl module apicawatch site performance monitoring tool uses firefox as part of its monitoring package astyle css editor editing tool atmail webmail client aviva for java mainframe connectivity product uses mozilla rhino babelgum internet tv service basilisk pre-servo xul-based web browser uses most of the fir...

cert_override.txt - Archive of obsolete content
domainname:port : port 443 for https (ssl) hash algorithm oid sha1-256: oid.2.16.840.1.101.3.4.2.1 (most used) sha-384: oid.2.16.840.1.101.3.4.2.2 sha-512: oid.2.16.840.1.101.3.4.2.3 certificate fingerprint using previous hash algorithm one or more characters for override type: m : allow mismatches in the hostname u : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert) t : allow errors in the val...

Adding the structure - Archive of obsolete content
the lock icon in mozilla that shows whether or not a loaded document was encrypted with ssl).

Download Manager improvements in Firefox 3 - Archive of obsolete content
nsidownloadprogresslistener applications and extensions implement this interface to be made aware of changes in the status of downloads.

Repackaging Firefox - Archive of obsolete content
on the other hand, if you create a dex which supports all locales, you can only ship on a few, and later expand your set without any upgrade hassles.

JavaScript Client API - Archive of obsolete content
but, you want to use a derived class, cryptowrapper, which seamlessly encrypts and decrypts records on the client.

Jetpack Snippets - Archive of obsolete content
bar.append({ onready: function (slide) { // call out to a global function, passing the slidebar object exinitslidebar(slide); }, ...});function exinitslidebar(aslidebar) { // this variable will now be global slider = aslidebar;} // then, accessing the slidebar htmlvar tl = slider.contentdocument.getelementbyid("thumblist"); // or calling slidebar api methods or accessing propertiesslider.notify(); ...

Mozilla Application Framework in Detail - Archive of obsolete content
pr, a runtime engine that provides platform-independence (across over a dozen platforms) for non-gui operating system facilities with support for threads, thread synchronization, normal file and network i/o, interval timing and calendar time, basic memory management (malloc and free) and shared library linking; psm, a set of libraries that perform cryptographic operations including setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), other common pki functions, and s/mime support; an sql support that provides the ability to set up data sources, query a database, and retrieve results as javascript objects or rdf data sources; and an api for directory services via the lightweight directory access protocol (ldap).

Plug-n-Hack - Archive of obsolete content
for example, to configure a browser to use an intercepting proxy that can handle https traffic, the user must typically: configure their browser to proxy via the tool configure the tool to proxy via their corporate proxy import the tool’s ssl certificate into their browser if any of these steps are carried out incorrectly then the browser will typically fail to connect to any website – debugging such problems can be frustrating and time-consuming.

Proxy UI - Archive of obsolete content
the entries are on a per-protocol basis for: http, ssl (https), ftp, gopher.

The Download Manager schema - Archive of obsolete content
see also nsidownloadmanager nsidownloadmanagerui nsidownloadprogresslistener ...

URIScheme - Archive of obsolete content
list of mozilla supported uri schemes list of uri schemes http:// by default, port 80 https:// by default, port 443 (ssl) ftp:// by default, port 21 file:// : file:///etc/hosts on unix/linux, file:///c:/some/file.txt on windows.

Introduction to XUL - Archive of obsolete content
internationalization for practical reasons, the locale-specific attributes of a ui description would be most happily developed (and possibly distributed) in separate files, where localization can be performed by altering only a subset of the ui description devoted expressly to localization issues.

The Joy of XUL - Archive of obsolete content
xpinstall enables users to effortlessly install new xul applications over the internet or from corporate intranet servers.

XULBrowserWindow - Archive of obsolete content
in order to do so it implements the following interfaces: nsisupports nsixulbrowserwindow nsiwebprogresslistener nsiwebprogresslistener2 nsisupportsweakreference note: this page is not complete at this time.

The Implementation of the Application Object Model - Archive of obsolete content
the resultant file, although still relatively easy to manipulate, is bloated needlessly with extra syntax that is not strictly necessary.

What XULRunner Provides - Archive of obsolete content
extension manager file picker (uses native os filepicker as appropriate) find toolbar helper app dialog/ui security ui (maintenance of ssl keychains, etc) embedding apis the following embedding apis are provided by xulrunner: cross-platform embedding (xre_initembedding) javaxpcom embedding gtkmozembed (linux only) activex control (windows only) (not yet complete) obsolete since gecko 7.0 nsview-based-widget (mac os x only) (not yet complete) the "maybe" list the following features have been discussed and may be included...

2006-11-3 - Archive of obsolete content
community is advised to perform tests on both builds to ensure they work flawlessly.

2006-12-01 - Archive of obsolete content
it is basically a java classloader that creates classes from javascript files.

Common Firefox theme issues and solutions - Archive of obsolete content
@media all and (-moz-windows-compositor) { /* make transition to fullscreen mode seamlessly in firefox 10+ */ #main-window[infullscreen="true"] { -moz-appearance: none; background-color: -moz-dialog!important; } } for more information about this issue please see bug 732757 and bug 732757 and this mozillazine thread.

Making sure your theme works with RTL locales - Archive of obsolete content
tart -moz-border-start-color -moz-border-start-style -moz-border-start-width -moz-border-end -moz-border-end-color -moz-border-end-style -moz-border-end-width #urlbar-search-splitter { min-width: 8px; -moz-margin-start: -4px; border: none; background: transparent; } testing your theme testing your theme for rtl compatibility is easy, and you do not even have to go through the hassle of downloading a rtl locale.

LiveConnect Overview - Archive of obsolete content
there are cases where liveconnect will fail to load a class, and you will need to manually load it like this: var widgetry = java.lang.thread.currentthread().getcontextclassloader().loadclass("org.mywidgets.widgetry"); in javascript 1.3 and earlier, javaclass objects are not automatically converted to instances of java.lang.class when you pass them as parameters to java methods—you must create a wrapper around an instance of java.lang.class.

Archive of obsolete content
jxon jxon (lossless javascript xml object notation) is a generic name by which is defined the representation of javascript objects using xml.

Introduction to game development for the Web - Game development
no waiting breathlessly for approval while someone hidden within another company decides whether or not your critical bug fix will ship today or tomorrow.

Plug-in Development Overview - Gecko Plugin API Reference
displaying messages on the status line functionally, your plug-in is seamlessly integrated into the browser and operates as an addition to current browser capabilities.

PNG - MDN Web Docs Glossary: Definitions of Web-related terms
png (portable network graphics) is a graphics file format that supports lossless data compression.

Static typing - MDN Web Docs Glossary: Definitions of Web-related terms
in most of these languages, types must be expressly indicated by the programmer; in other cases (such as ocaml), type inference allows the programmer to not indicate their variable types.

Brotli - MDN Web Docs Glossary: Definitions of Web-related terms
brotli is a general-purpose lossless compression algorithm.

GIF - MDN Web Docs Glossary: Definitions of Web-related terms
gif (graphics interchange format) is an image format that uses lossless compression and can be used for animations.

HTTPS - MDN Web Docs Glossary: Definitions of Web-related terms
it uses ssl or tls to encrypt all communication between a client and a server.

lossy compression - MDN Web Docs Glossary: Definitions of Web-related terms
see also lossless compression ...

Time to first byte - MDN Web Docs Glossary: Definitions of Web-related terms
this time includes dns lookup and establishing the connection using a tcp handshake and ssl handshake if the request is made over https.

WebP - MDN Web Docs Glossary: Definitions of Web-related terms
webp is a lossless and lossy compression image format developed by google.

HTML: A good basis for accessibility - Learn web development
this is a lot of extra hassle to build the functionality back in.

HTML: A good basis for accessibility - Learn web development
this is a lot of extra hassle to build the functionality back in.

CSS FAQ - Learn web development
for example, many developers only using the -webkit- prefixed version of a property when the non-prefixed version is supported across all browsers meant that a feature relying on that property would break in non-webkit-based browsers, completely needlessly.

What text editors are available? - Learn web development
save yourself the hassle of retyping all this by using a code snippet to pre-fill your document.

How does the Internet work? - Learn web development
deeper dive a simple network when two computers need to communicate, you have to link them, either physically (usually with an ethernet cable) or wirelessly (for example with wifi or bluetooth systems).

How much does it cost to do something on the Web? - Learn web development
your website is yours, and you can migrate seamlessly from one hosting provider to the next.

Example 2 - Learn web development
rgba(0,0,0,.4); -moz-box-sizing : border-box; box-sizing : border-box; min-width : 100%; max-height: 10em; /* 100px */ overflow-y: auto; overflow-x: hidden; } .select .option { padding: .2em .3em; } .select .highlight { background: #000; color: #ffffff; } javascript content window.addeventlistener("load", function () { var form = document.queryselector('form'); form.classlist.remove("no-widget"); form.classlist.add("widget"); }); result for js no js html content <form class="no-widget"> <select name="myfruit"> <option>cherry</option> <option>lemon</option> <option>banana</option> <option>strawberry</option> <option>apple</option> </select> <div class="select"> <span class="value">cherry</span> <ul class="optlist hidde...

Creating hyperlinks - Learn web development
here's an example with a download link to the latest windows version of firefox: <a href="https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-us" download="firefox-latest-64bit-installer.exe"> download latest firefox for windows (64-bit) (english, us) </a> active learning: creating a navigation menu for this exercise, we'd like you to link some pages together with a navigation menu to create a multi-page website.

Server-side web frameworks - Learn web development
built by experienced developers, it takes care of much of the hassle of web development, so you can focus on writing your app without needing to reinvent the wheel.

Advanced Svelte: Reactivity, lifecycle, accessibility - Learn web development
actions are also very useful for seamlessly integrating with third party libraries.

Working with Svelte stores - Learn web development
we also saw how to auto-subscribe to stores to seamlessly integrate them with the svelte reactivity system.

Handling common accessibility problems - Learn web development
this is a lot of extra hassle to build the functionality back in.

Handling common JavaScript problems - Learn web development
what you really want is a linter that will fit into your standard workflow with the minimum of hassle.

Client-side tooling overview - Learn web development
you can also find linting tools for other languages, such as csslint.

Package management basics - Learn web development
in theory you may not need a package manager and you could manually download and store your project dependencies, but a package manager will seamlessly handle installing and uninstalling packages.

Mozilla accessibility architecture
ent_menuend nsdocaccessible::scrollpositiondidchange(), then nsdocaccessible::scrolltimercallback() nsiscrollpositonlistener and nsitimer callbacks event_scrollingend (quick timer is used to determine when scrolling pauses or stops, to avoid extra events being fired) nsdocaccessible::onstatechange(), :nsdocaccessible:onlocationchange() nsiwebprogresslistener callback event_state_change (msaa) event_reorder (atk) dom mutation events - multiple uses dom mutation events are a great thing.

Mozilla’s UAAG evaluation report
this is also under preferences, security, ssl, "sending form data from unencrypted page to unencrypted page" 5.6 confirm fee links.

Adding a new event
define event class name you need to add an event class name in eventclasslist.h.

Configuring Build Options
you need to specify --enable-crypto if you want ssl, s/mime, or other software features that require cryptography.

Simple Sunbird build
ubuntu linux: sudo apt-get build-dep sunbird sudo apt-get install mercurial libasound2-dev libcurl4-openssl-dev libnotify-dev libiw-dev autoconf2.13 cvs fedora linux: sudo yum groupinstall 'development tools' 'development libraries' 'gnome software development' sudo yum install mercurial autoconf213 glibc-static libstdc++-static yasm wireless-tools-devel mesa-libgl-devel mac: install xcode tools.

Error codes returned by Mozilla APIs
r_schemavalidator_no_dom_node_specified (0x80640002) ns_error_schemavalidator_no_type_found (0x80640003) ns_error_schemavalidator_type_not_found (0x80640004) note: there are other errors in these files: gfx/public/nsidevicecontext.h base/public/nsneterror.h parser/htmlparser/public/nsiparser.h layout/base/nslayouterrors.h profile/public/nsiprofileinternal.idl security/manager/ssl/public/nsicmsmessageerrors.idl directory/xpcom/base/public/nsildaperrors.idl content/base/public/nscontenterrors.h see also mozilla error lookup lets you quickly look up the error name by its code in different formats.

Performance best practices for Firefox front-end engineers
here’s a simple example, cribbed from this blog post by paul rouget: div1.style.margin = "200px"; // line 1 var height1 = div1.clientheight; // line 2 div2.classlist.add("foobar"); // line 3 var height2 = div2.clientheight; // line 4 dosomething(height1, height2); // line 5 at line 1, we’re setting some style information on a dom node that’s going to result in a reflow - but (at just line 1) it’s okay, because that reflow will happen after the style calculation.

Browser API
mozbrowsersecuritychange sent when the ssl state changes within a browser <iframe>.

Roll your own browser: An embedding how-to
url location field, menu bar, html area, supports ssl.

AddonManager
update_status_security_error the update information was not correctly signed or there was an ssl error.

CustomizableUI.jsm
note that it is expressly not really aware about the specific ui used by users to make customizations.

NetUtil.jsm
}); remarks note: if you specify an nsichannel as the input source, and its notification callbacks have already been set, callers are responsible for implementing nsibadcertlistener and nsisslerrorlistener.

Mozilla Port Blocking
hostriame 102 iso-tsap 103 gppitnp 104 acr-nema 109 pop2 110 pop3 111 sunrpc 113 auth 115 sftp 117 uucp-path 119 nntp 123 ntp 135 loc-srv / epmap 139 netbios 143 imap2 179 bgp 389 ldap 465 smtp+ssl 512 print / exec 513 login 514 shell 515 printer 526 tempo 530 courier 531 chat 532 netnews 540 uucp 556 remotefs 563 nntp+ssl 587 submission 601 syslog 636 ldap+ssl 993 imap+ssl 995 pop3+ssl 2049 ...

Research and prep
e-commerce search these search engines should allow users to get connected to new and used products they want to buy as quickly and painlessly as possible in a "trusted" site -- for example, choosing the most popular auction, general shopping, or classified type sites that have the desired user experience are good choices.

I/O Functions
for example, ssl is a layer on top of a reliable bytestream layer such as tcp.

I/O Types
for example, the netscape implementation of the secure sockets layer (ssl) protocol is implemented as an i/o layer on top of nspr's socket layer.

PRFileDesc
description the fields of this structure are significant only if you are implementing a layer on top of nspr, such as ssl.

Cryptography functions
if documentation is available for a function listed below, the function name is linked to either its mdc wiki page or its entry in the old ssl reference.

FIPS Mode - an explanation
firefox can only use the latest version of ssl, known as "tls", and not the older ssl 2 or ssl 3.0 protocols, and firefox can only talk to those servers that use fips standard encryption algorithms such as aes or triple-des.

4.3 Release Notes
libpkix: an rfc 3280 compliant certificate path validation library (see pkixverify) pk11token.needslogin method (see needslogin) support hmacsha256, hmacsha384, and hmacsha512 (see hmactest.java) support for all nss 3.12 initialization options (see initializationvalues) new ssl error codes (see http://mxr.mozilla.org/security/sour...util/sslerrs.h) ssl_error_unsupported_extension_alert ssl_error_certificate_unobtainable_alert ssl_error_unrecognized_name_alert ssl_error_bad_cert_status_response_alert ssl_error_bad_cert_hash_value_alert new tls cipher suites (see http://mxr.mozilla.org/security/sour...sslsocket.java): tls_rsa_with_camelli...

Using JSS
binary release location nspr4 nspr os abstraction layer http://ftp.mozilla.org/pub/mozilla.org/nspr/releases plc4 nspr standard c library replacement functions plds4 nspr data structure types nss3 nss crypto, pkcs #11, and utilities http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases ssl3 nss ssl library smime3 nss s/mime functions and types nssckbi pkcs #11 module containing built-in root ca certificates.

NSS 3.12.4 release notes
ert bug 485745: modify fipstest.c to support cavs 7.1 drbg testing bug 486304: cert7.db/cert8.db corruption when importing a large certificate (>64k) bug 486405: allocator mismatches in pk12util.c bug 486537: disable execstack in freebl x86_64 builds on linux bug 486698: facilitate the building of major components independently and in a chain manner by downstream distributions bug 486999: calling ssl_setsockpeerid a second time leaks the previous value bug 487007: make lib/jar conform to nss coding style bug 487162: ckfw/capi build failure on windows bug 487239: nssutil.rc doesn't compile on wince bug 487254: sftkmod.c uses posix file io functions on wince bug 487255: sdb.c uses posix file io functions on wince bug 487487: cert_nametoascii reports !invalid ava!

NSS 3.16.1 release notes
new types in sslt.h ssl_padding_xtn - the value of this enum constant changed from the experimental value 35655 to the iana-assigned value 21.

NSS 3.17.3 release notes
nss 3.17.3 source distributions are available on ftp.mozilla.org for secure https download: source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/nss_3_17_3_rtm/src/ new in nss 3.17.3 new functionality support for tls_fallback_scsv has been added to the ssltap and tstclnt utilities.

NSS 3.19.2.4 release notes
security fixes in nss 3.19.2.4 the following security fixes from nss 3.21 have been backported to nss 3.19.2.4: bug 1185033 / cve-2016-1979 - use-after-free during processing of der encoded keys in nss bug 1209546 / cve-2016-1978 - use-after-free in nss during ssl connections in low memory bug 1190248 / cve-2016-1938 - errors in mp_div and mp_exptmod cryptographic functions in nss compatibility nss 3.19.2.4 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.19.2 release notes
the fix for bug 1138554 has been moved to libssl, and will now only affect the minimum keystrengths used in ssl/tls.

NSS 3.19 release notes
notable changes in nss 3.19 the ssl 3 protocol has been disabled by default.

NSS 3.28.3 release notes
that size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ecpublickey, ecprivatekey, nsslowkeypublickey, nsslowkeyprivatekey, or potentially other data structures that reference ecparams.

NSS 3.29.1 release notes
that size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ecpublickey, ecprivatekey, nsslowkeypublickey, nsslowkeyprivatekey, or potentially other data structures that reference ecparams.

NSS 3.29.3 release notes
notable changes in nss 3.29.3 a rare crash when initializing an ssl socket fails has been fixed.

NSS 3.32 release notes
the websites (tls/ssl) trust bit was turned off for the following root certificates.

NSS 3.33 release notes
in ssl.h ssl_getexperimentalapi - access experimental apis in libssl.

NSS 3.36.2 release notes
bugs fixed in nss 3.36.2 bug 1462303 - connecting to a server that was recently upgraded to tls 1.3 would result in a ssl_rx_malformed_server_hello error.

NSS 3.36.5 release notes
this is a patch release to fix cve-2018-12384 bugs fixed in nss 3.36.5 bug 1483128 - nss responded to an sslv2-compatible clienthello with a serverhello that had an all-zero random (cve-2018-12384) compatibility nss 3.36.5 shared libraries are backward compatible with all older nss 3.x shared libraries.

NSS 3.37.1 release notes
bugs fixed in nss 3.37.1 bug 1462303 - connecting to a server that was recently upgraded to tls 1.3 would result in a ssl_rx_malformed_server_hello error.

NSS 3.38 release notes
new functions in secitem.h secitem_makeitem - allocate and make an item with the requested contents new macros in ssl.h ssl_record_size_limit - used to control the tls record size limit extension notable changes in nss 3.38 fixed cve-2018-0495 in bug 1464971.

NSS 3.44.1 release notes
many new fips test cases (note: this has increased the source archive by approximately 50 megabytes for this release.) bugs fixed in nss 3.44.1 1554336 - optimize away unneeded loop in mpi.c 1515342 - more thorough input checking (cve-2019-11729) 1540541 - don't unnecessarily strip leading 0's from key material during pkcs11 import (cve-2019-11719) 1515236 - add a sslkeylogfile enable/disable flag at build.sh 1473806 - fix seckey_converttopublickey handling of non-rsa keys 1546477 - updates to testing for fips validation 1552208 - prohibit use of rsassa-pkcs1-v1_5 algorithms in tls 1.3 (cve-2019-11727) 1551041 - unbreak build on gcc < 4.3 big-endian compatibility nss 3.44.1 shared libraries are backward compatible with all older ns...

NSS 3.44 release notes
b/freebl/crypto_primitives.c assumes a big endian machine 1532384 - in nss test certificates, use @example.com (not @bogus.com) 1538479 - post-handshake messages after async server authentication break when using record layer separation 1521578 - x25519 support in pk11pars.c 1540205 - freebl build fails with -dnss_disable_chachapoly 1532312 - post-handshake auth doesn't interoperate with openssl 1542741 - certutil -f crashes with segmentation fault 1546925 - allow preceding text in try comment 1534468 - expose chacha20 primitive 1418944 - quote cc/cxx variables passed to nspr 1543545 - allow to build nss as a static library 1487597 - early data that arrives before the handshake completes can be read afterwards 1548398 - freebl_gtest not building on linux/mac 1548722 - fix some co...

NSS 3.47 release notes
- soft token mac verification not constant time bug 1578238 - handle invald tag sizes for ckm_aes_gcm bug 1576295 - check all bounds when encrypting with seed_cbc bug 1580286 - nss rejects tls 1.2 records with large padding with sha384 hmac bug 1577448 - create additional nested s/mime test messages for thunderbird bug 1399095 - allow nss-try to be used to test nspr changes bug 1267894 - libssl should allow selecting the order of cipher suites in clienthello bug 1581507 - fix unportable grep expression in test scripts bug 1234830 - [cid 1242894][cid 1242852] unused values bug 1580126 - fix build failure on aarch64_be while building freebl/gcm bug 1385039 - build nspr tests as part of nss continuous integration bug 1581391 - fix build on openbsd/arm64 after bug #1559012 bug 1581041...

NSS 3.48 release notes
zilla::pkix gtests in nss ci bug 1591315 - update nsc_decrypt length in constant time bug 1562671 - increase nss mp kdf default iteration count, by default for modern key4 storage, optionally for legacy key3.db storage bug 1590972 - use -std=c99 rather than -std=gnu99 bug 1590676 - fix build if arm doesn't support neon bug 1575411 - enable tls extended master secret by default bug 1590970 - ssl_settimefunc has incomplete coverage bug 1590678 - remove -wmaybe-uninitialized warning in tls13esni.c bug 1588244 - nss changes for delegated credential key strength checks bug 1459141 - add more cbc padding tests that missed nss 3.47 bug 1590339 - fix a memory leak in btoa.c bug 1589810 - fix uninitialized variable warnings from certdata.perl bug 1573118 - enable tls 1.3 by default in nss ...

NSS 3.49 release notes
bug 1606025 - remove -wmaybe-uninitialized warning in sslsnce.c bug 1606119 - fix ppc hw crypto build failure bug 1605545 - memory leak in pk11install_platform_generate bug 1602288 - fix build failure due to missing posix signal.h bug 1588714 - implement checkarmsupport for win64/aarch64 bug 1585189 - nss database uses 3des instead of aes to encrypt db entries bug 1603257 - fix ubsan issue in softoken ckm_nss_chacha20_ctr initialization bug 15900...

NSS 3.53 release notes
vsx vector instructions bug 1639033 - fix various compile warnings in nss bug 1640041 - fix a null pointer in security/nss/lib/ssl/sslencode.c:67 bug 1640042 - fix a null pointer in security/nss/lib/ssl/sslsock.c:4460 bug 1638289 - avoid multiple definitions of sha{256,384,512}_* symbols when linking libfreeblpriv3.so in firefox on ppc64le bug 1636389 - relocate deprecated seed algorithm bug 1637083 - lib/ckfw: no such file or directory.

NSS 3.56 release notes
bug 1625791 - fix deadlock issue in nssslot_istokenpresent.

NSS Sample Code
nss sample code the collection of sample code here demonstrates how nss can be used for cryptographic operations, certificate handling, ssl, etc.

NSS Third-Party Code
compiled in sqlite [/lib/sqlite] berkleydb [/lib/dbm] zlib [/lib/zlib] libjar [/lib/jar] fiat-crypto, ring [lib/freebl/ecl] used for tests gtest [/gtests] downloaded by certain test tooling tlsfuzzer [/tests/tlsfuzzer] bogo tests [/tests/bogo] boringssl, openssl [/tests/interop] ...

New NSS Samples
new nss sample code this collection of sample code demonstrates how nss can be used for cryptographic operations, certificate handling, ssl, etc.

Installation guide
nspr: libnspr4.so libplds4.so libplc4.so nss: (note the use of * for libfreebl -- some platforms have multiple ones) libfreebl*3.so libfreebl*3.chk libsoftokn3.so libsoftokn3.chk libnss3.so libsmime3.so libssl3.so libnssckbi.so ...

FC_Initialize
application data\\mozilla\\firefox\\profiles\\default.7tt' certprefix='' keyprefix='' secmod='secmod.db' flags=optimizespace manufacturerid='mozilla.org' librarydescription='psm internal crypto services' cryptotokendescription='generic crypto services' dbtokendescription='software security device' cryptoslotdescription='psm internal cryptographic services' dbslotdescription='psm private keys' fipsslotdescription='psm internal fips-140-1 cryptographic services' fipstokendescription='psm fips-140-1 user private key services' minps=0" see pkcs #11 module specs for complete documentation of the library parameters string.

NSS Key Functions
when an application makes a copy of a particular certificate or key structure that already exists in memory, ssl makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy.

NSS Tools Man Pages - work in progress
certutil certutil pk12util pk12util modutil modutil crlutil crlutil cmsutil cmsutil vfychain vfychain vfyserv vfyserv ssltap ssltap this is still a work in progress and in early stages.

NSS tools : vfychain
-r following certfile is raw binary der (default) -t following cert is explicitly trusted (overrides db trust) -u usage 0=ssl client, 1=ssl server, 2=ssl stepup, 3=ssl ca, 4=email signer, 5=email recipient, 6=object signer, 9=protectedobjectsigner, 10=ocsp responder, 11=any ca -v verbose mode.

troubleshoot.html
if the build fails early on the gmakein coreconf try updating your cvs tree with -p: cd mozilla cvs update -p building a 32-bit version on a 64-bit may fail with: /usr/include/features.h:324:26: fatal error: bits/predefs.h: no such file or directory in this case remember to set use_64=1 testing nss the ssl stress test opens 2,048 tcp connections in quick succession.

Utility functions
if documentation is available for a function listed below, the function name is linked to either its mdc wiki page or its entry in the old ssl reference.

NSS tools : signtool
digital signatures allow ssl-enabled clients to perform two important operations: * confirm the identity of the individual, company, or other entity whose digital signature is associated with the files * check whether the files have been tampered with since being signed if you have a signing certificate, you can use netscape signing tool to digitally sign files and package them as a jar file.

NSS tools : vfychain
-r following certfile is raw binary der (default) -t following cert is explicitly trusted (overrides db trust) -u usage 0=ssl client, 1=ssl server, 2=ssl stepup, 3=ssl ca, 4=email signer, 5=email recipient, 6=object signer, 9=protectedobjectsigner, 10=ocsp responder, 11=any ca -v verbose mode.

Personal Security Manager (PSM)
these operations include setting up an ssl connection, object signing and signature verification, certificate management (including issuance and revocation), and other common pki functions.

Index
if js_cstringsareutf8 is true, then the returned string is utf-8, and the conversion is lossless.

Exact Stack Rooting
this makes js::handlet and js::rootedt behave the same, allowing us to seamlessly weave js::handlets into the js api.

Invariants
but note that a stack frame is not necessarily newer than the next stack frame down, thanks to generators!) an object's scope chain (found by chasing jsobject::fslots[jsslot_parent]) never forms a cycle.

Property cache
vword.isslot() the property has a slot which the interpreter can read directly.

JSObjectOps.setProto
slot uint32 the index of the slot being modified: jsslot_proto for the jsobjectops.setproto callback, and jsslot_parent for the jsobjectops.setparent callback.

JS_EncodeString
if js_cstringsareutf8 is true, then the returned string of js_encodestring is utf-8, and the conversion is lossless.

JS_GetStringBytes
if js_cstringsareutf8 is true, then the returned string is utf-8, and the conversion is lossless.

Signing Mozilla apps for Mac OS X
you can find it by running this command in the terminal: openssl x509 -text -noout -inform der -in devloperid_application.cer | grep subject putting it all together, you'll wind up using a command similar to the one below to sign your app.

Feed content access API
nsifeedprogresslistener implemented by the program that wants to parse an rss or atom feed to receive messages during the parsing process.

Using XPCOM Components
the cookie manager dialog this dialog is written in xul and javascript, and uses a part of xpcom called xpconnect to seamlessly connect to the cookiemanager component (see connecting to components from the interface below).

nsIAccessibleProvider
xformssliderrange 0x00002008 used for range element represented by slider.

nsICRLInfo
security/manager/ssl/public/nsicrlinfo.idlscriptable information on a certificate revocation list (crl) issued by a certificate authority (ca).

nsICRLManager
security/manager/ssl/public/nsicrlmanager.idlscriptable please add a summary to this article.

nsIChannel
securityinfo nsisupports transport-level security information (if any, else null) corresponding to the channel, normally presented through the interfaces nsitransportsecurityinfo and nsisslstatusprovider read only.

nsICookie
issecure boolean true if the cookie was transmitted over ssl, false otherwise.

nsIDataSignatureVerifier
security/manager/ssl/public/nsidatasignatureverifier.idlscriptable an interface for verifying that a given string of data was signed by the private key matching the given public key.

nsIDocumentLoader
it is also responsible for sending nsiwebprogresslistener notifications.

nsIDownload
see also nsidownloadmanager nsidownloadprogresslistener nsixpinstallmanagerui ...

nsIFeedResultListener
see also nsifeedprogresslistener nsisupports interwiki link ...

nsIMsgIncomingServer
usesecauth boolean valid boolean constants constant value description defaultsocket 0 trytls 1 alwaysusetls 2 usessl 3 keepdups 0 deletedups 1 movedupstotrash 2 markdupsread 3 methods clearallvalues() this is really dangerous.

nsIProxyInfo
some special values for this attribute include (but are not limited to) the following: "http" - http proxy (or ssl connect for https) "socks" - socks v5 proxy "socks4" - socks v4 proxy "direct" - no proxy "unknown" - unknown proxy (see nsiprotocolproxyservice.resolve()) a future version of this interface may define additional types.

nsISocketTransportService
currently "starttls", "ssl" and "udp" are supported.

nsIUserCertPicker
security/manager/ssl/public/nsiusercertpicker.idlscriptable please add a summary to this article.

nsIWebBrowserPersist
progresslistener nsiwebprogresslistener callback listener for progress notifications.

wrappedJSObject
this functionality can be used for quick prototyping, as well as to painlessly pass arbitrary js values to the component (which can be used for sharing complex js data in particular).

Mail and RDF
you should learn about rdf before reading this document or you will be hopelessly confused.

Plug-in Basics - Plugins
plug-ins give you an opportunity to seamlessly integrate platform-dependent code and enhance the gecko core functionality by providing support for new data types.

Plug-in Development Overview - Plugins
displaying messages on the status line functionally, your plug-in is seamlessly integrated into the browser and operates as an addition to current browser capabilities.

Break on DOM mutation - Firefox Developer Tools
examples for when this breakpoint is triggered are calling element.setattribute(), element.removeattribute(), and element.classlist.add(), or setting element.id.

DOM allocation example - Firefox Developer Tools
it just contains a script that creates a large number of dom nodes: var toolbarbuttoncount = 20; var toolbarcount = 200; function getrandomint(min, max) { return math.floor(math.random() * (max - min + 1)) + min; } function createtoolbarbutton() { var toolbarbutton = document.createelement("span"); toolbarbutton.classlist.add("toolbarbutton"); // stop spidermonkey from sharing instances toolbarbutton[getrandomint(0,5000)] = "foo"; return toolbarbutton; } function createtoolbar() { var toolbar = document.createelement("div"); // stop spidermonkey from sharing instances toolbar[getrandomint(0,5000)] = "foo"; for (var i = 0; i < toolbarbuttoncount; i++) { var toolbarbutton = createtoolbarbutton(...

Network request details - Firefox Developer Tools
currently it warns you about two weaknesses: using sslv3 instead of tls using the rc4 cipher stack trace tab stack traces are shown in the stack trace tab, for responses that have a stack trace of course.

Network request list - Firefox Developer Tools
if the request used ssl/tls and the connection had security weaknesses such as weak ciphers, you'll see a warning triangle next to the domain.

Animation inspector example: CSS transitions - Firefox Developer Tools
al,sans-serif; overflow: hidden; white-space: nowrap; display: inline-block; opacity: 0; width: 0; transition: opacity 500ms 150ms, width 500ms 150ms; } .icon#selected { filter: grayscale(0%); transform: scale(1.5); } .icon#selected+span { opacity: 1; width: 300px; } javascript content function toggleselection(e) { if (e.button != 0) { return; } if (e.target.classlist.contains("icon")) { var wasselected = (e.target.getattribute("id") == "selected"); clearselection(); if (!wasselected) { e.target.setattribute("id", "selected"); } } } function clearselection() { var selected = document.getelementbyid("selected"); if (selected) { selected.removeattribute("id"); } } document.addeventlistener("click", toggleselection); ...

AddressErrors - Web APIs
properties addressline a domstring which, if present, indicates that the addressline property of the paymentaddress could not be validated.

Ambient Light Events - Web APIs
example if ('ondevicelight' in window) { window.addeventlistener('devicelight', function(event) { var body = document.queryselector('body'); if (event.value < 50) { body.classlist.add('darklight'); body.classlist.remove('brightlight'); } else { body.classlist.add('brightlight'); body.classlist.remove('darklight'); } }); } else { console.log('devicelight event not supported'); } specifications specification status comment ambient light sensorthe definition of 'ambient light events' in that specification.

Animation.startTime - Web APIs
*/ function addcat(){ var newcat = document.createelement("div"); newcat.classlist.add("cat"); return newcat; } /* this is the function that adds a cat to the waapi column */ function animatenewcatwithwaapi() { // make a new cat var newcat = addcat(); // animate said cat with the waapi's "animate" function var newanimationplayer = newcat.animate(keyframes, timing); // set the animation's start time to be the same as the original .cat#withwaapi newanimationpl...

CacheStorage - Web APIs
window.caches will be undefined unless an ssl certificate is configured.

Basic animations - Web APIs
2, h / 2, 400, 4, 4), anima() } function anima() { c.fillstyle = "rgba(0,0,0,0.11)", c.fillrect(0, 0, cc.width, cc.height), fa.foreach(t => t.put()), s.draw(), document.getelementbyid("time").innertext = tmz(), settimeout(() => { requestanimationframe(anima) }, fw) } function emit(t) { key.keydown(t) } function touch(t) { t.classlist.toggle("off"), document.getelementsbyclassname("keypress")[0].classlist.toggle("hide") } var t = new date + "", d = void 0, cc = document.getelementsbytagname("canvas")[0], c = cc.getcontext("2d"); key = {}, key.keydown = function (t) { var e = document.createevent("keyboardevent"); object.defineproperty(e, "keycode", { get: funct...

Element: dblclick event - Web APIs
javascript const card = document.queryselector('aside'); card.addeventlistener('dblclick', function (e) { card.classlist.toggle('large'); }); html <aside> <h3>my card</h3> <p>double click to resize this object.</p> </aside> css aside { background: #fe9; border-radius: 1em; display: inline-block; padding: 1em; transform: scale(.9); transform-origin: 0 0; transition: transform .6s; } .large { transform: scale(1.3); } result specifications specification status ui e...

Element.getElementsByClassName() - Web APIs
var matches = element.getelementsbyclassname('colorbox'); for (var i=0; i<matches.length; i++) { matches[i].classlist.remove('colorbox'); matches.item(i).classlist.add('hueframe'); } instead, use another method, such as: var matches = element.getelementsbyclassname('colorbox'); while (matches.length > 0) { matches.item(0).classlist.add('hueframe'); matches[0].classlist.remove('colorbox'); } this code finds descendant elements with the "colorbox" class, adds the class "hueframe", by calling item(0),...

Element - Web APIs
element.classlist read only returns a domtokenlist containing the list of class attributes.

Using Fetch - Web APIs
utf8decoder.decode(chunk) : ''); startindex = re.lastindex = 0; continue; } yield chunk.substring(startindex, result.index); startindex = re.lastindex; } if (startindex < chunk.length) { // last line didn't end in a newline char yield chunk.substr(startindex); } } async function run() { for await (let line of maketextfilelineiterator(urloffile)) { processline(line); } } run(); checking that the fetch was successful a fetch() promise will reject with a typeerror when a network error is encountered or cors is misconfigured on the server-side, although this usually means permission issues or similar — a 404 does not constitute a network error, for example.

Using files from web applications - Web APIs
function handlefiles(files) { for (let i = 0; i < files.length; i++) { const file = files[i]; if (!file.type.startswith('image/')){ continue } const img = document.createelement("img"); img.classlist.add("obj"); img.file = file; preview.appendchild(img); // assuming that "preview" is the div output where the content will be displayed.

FontFace.FontFace() - Web APIs
yle weight: weight stretch: stretch unicoderange: unicode range variant: variant featuresettings: feature settings example async function loadfonts() { const font = new fontface('myfont', 'url(myfont.woff)'); // wait for font to be loaded await font.load(); // add font to document document.fonts.add(font); // enable font with css class document.body.classlist.add('fonts-loaded'); } specifications specification status comment css font loading module level 3the definition of 'fontface constructor' in that specification.

GlobalEventHandlers.oncontextmenu - Web APIs
ate(0); } to { transform: rotate(1turn); } } .shape { width: 8em; height: 8em; display: flex; align-items: center; justify-content: center; animation: spin 18s linear infinite; background: lightsalmon; border-radius: 42%; margin: 1em; } .paused { background-color: #ddd; } .paused .shape { animation-play-state: paused; } javascript function pause(e) { body.classlist.add('paused'); note.removeattribute('hidden'); } function play(e) { body.classlist.remove('paused'); note.setattribute('hidden', ''); } const body = document.queryselector('body'); const note = document.queryselector('.note'); window.oncontextmenu = pause; window.onpointerdown = play; result specifications specification status comment html living standardt...

GlobalEventHandlers.onmouseup - Web APIs
110px; background: #bbb; border-radius: 10px 10px 0 0; } .toast { position: absolute; left: 50%; top: 50%; z-index: -1; width: 100px; height: 50px; padding: 10px; background: #ed9; border-radius: 10px 10px 0 0; transform: translate(-50%, -90px); transition: transform .3s; } .depressed { transform: translate(-50%, -50%); } javascript function depress() { toast.classlist.add('depressed'); } function release() { toast.classlist.remove('depressed'); } const toaster = document.queryselector('.toaster'); const toast = document.queryselector('.toast'); toaster.onmousedown = depress; document.onmouseup = release; result specification specification status comment html living standardthe definition of 'onmouseup' in that specification...

HTMLDialogElement.show() - Web APIs
the show() method of the htmldialogelement interface displays the dialog modelessly, i.e.

HTMLDialogElement - Web APIs
htmldialogelement.show() displays the dialog modelessly, i.e.

HTMLImageElement.naturalHeight - Web APIs
this is the height the image is if drawn with nothing constraining its height; if you don't specify a height for the image, or place the image inside a container that either limits or expressly specifies the image height, it will be rendered this tall.

HTMLImageElement.naturalWidth - Web APIs
this is the width the image is if drawn with nothing constraining its width; if you neither specify a width for the image nor place the image inside a container that limits or expressly specifies the image width, this is the number of css pixels wide the image will be.

HTMLMediaElement.play() - Web APIs
example this example demonstrates how to confirm that playback has begun and how to gracefully handle blocked automatic playback: let videoelem = document.getelementbyid("video"); let playbutton = document.getelementbyid("playbutton"); playbutton.addeventlistener("click", handleplaybutton, false); playvideo(); async function playvideo() { try { await videoelem.play(); playbutton.classlist.add("playing"); } catch(err) { playbutton.classlist.remove("playing"); } } function handleplaybutton() { if (videoelem.paused) { playvideo(); } else { videoelem.pause(); playbutton.classlist.remove("playing"); } } in this example, playback of video is toggled off and on by the async playvideo() function.

Using microtasks in JavaScript with queueMicrotask() - Web APIs
warning: since microtasks can themselves enqueue more microtasks, and the event loop continues processing microtasks until the queue is empty, there's a real risk of getting the event loop endlessly processing microtasks.

ImageCapture.grabFrame() - Web APIs
ueryselector('button#grabframe'); var canvas = document.queryselector('canvas'); grabframebutton.onclick = grabframe; function grabframe() { imagecapture.grabframe() .then(function(imagebitmap) { console.log('grabbed frame:', imagebitmap); canvas.width = imagebitmap.width; canvas.height = imagebitmap.height; canvas.getcontext('2d').drawimage(imagebitmap, 0, 0); canvas.classlist.remove('hidden'); }) .catch(function(error) { console.log('grabframe() error: ', error); }); } specifications specification status comment mediastream image capturethe definition of 'grabframe()' in that specification.

ImageCapture.takePhoto() - Web APIs
var takephotobutton = document.queryselector('button#takephoto'); var canvas = document.queryselector('canvas'); takephotobutton.onclick = takephoto; function takephoto() { imagecapture.takephoto().then(function(blob) { console.log('took photo:', blob); img.classlist.remove('hidden'); img.src = url.createobjecturl(blob); }).catch(function(error) { console.log('takephoto() error: ', error); }); } specifications specification status comment mediastream image capturethe definition of 'takephoto()' in that specification.

Using IndexedDB - Web APIs
ompat-list"></ul>'); compat_envs.foreach(function(val, idx, array) { $('#compat-list').append('<li>' + val[0] + ': ' + val[1] + '</li>'); }); const db_name = 'mdn-demo-indexeddb-epublications'; const db_version = 1; // use a long long for this value (don't use a float) const db_store_name = 'publications'; var db; // used to keep track of which view is displayed to avoid uselessly reloading it var current_view_pub_key; function opendb() { console.log("opendb ..."); var req = indexeddb.open(db_name, db_version); req.onsuccess = function (evt) { // equal to: db = req.result; db = this.result; console.log("opendb done"); }; req.onerror = function (evt) { console.error("opendb:", evt.target.errorcode); }; req.onupgrade...

firesTouchEvents - Web APIs
syntax var boolean = inputdevicecapabilities.firestouchevents returns a boolean example mybutton.addeventlistener('mousedown', function(e) { if (!e.sourcecapabilities.firestouchevents) mybutton.classlist.add("pressed"); }); specifications specification status comment inputdevicecapabilitiesthe definition of 'firetouchevents' in that specification.

InputDeviceCapabilities API - Web APIs
if (!e.sourcecapabilities.firestouchevents) mybutton.classlist.add("pressed"); }); interfaces inputdevicecapabilities provides logical information about an input device.

MediaDevices.getDisplayMedia() - Web APIs
since getdisplaymedia() requires a video track, the returned stream will have one even if no video track is expressly requested by the constraints object.

MediaDevices.getUserMedia() - Web APIs
only a window's top-level document context for a valid origin can even request permission to use getusermedia(), unless the top-level context expressly grants permission for a given <iframe> to do so using feature policy.

MediaRecorder - Web APIs
function(e) { console.log("data available after mediarecorder.stop() called."); var clipname = prompt('enter a name for your sound clip'); var clipcontainer = document.createelement('article'); var cliplabel = document.createelement('p'); var audio = document.createelement('audio'); var deletebutton = document.createelement('button'); clipcontainer.classlist.add('clip'); audio.setattribute('controls', ''); deletebutton.innerhtml = "delete"; cliplabel.innerhtml = clipname; clipcontainer.appendchild(audio); clipcontainer.appendchild(cliplabel); clipcontainer.appendchild(deletebutton); soundclips.appendchild(clipcontainer); audio.controls = true; var blob = new blob(chunks, { 'type' : 'audio/ogg...

MediaStreamTrack.getSettings() - Web APIs
note: the returned object identifies the current values of every constrainable property, including those which are platform defaults rather than having been expressly set by the site's code.

Using the MediaStream Recording API - Web APIs
he chunks we have received: mediarecorder.onstop = function(e) { console.log("recorder stopped"); const clipname = prompt('enter a name for your sound clip'); const clipcontainer = document.createelement('article'); const cliplabel = document.createelement('p'); const audio = document.createelement('audio'); const deletebutton = document.createelement('button'); clipcontainer.classlist.add('clip'); audio.setattribute('controls', ''); deletebutton.innerhtml = "delete"; cliplabel.innerhtml = clipname; clipcontainer.appendchild(audio); clipcontainer.appendchild(cliplabel); clipcontainer.appendchild(deletebutton); soundclips.appendchild(clipcontainer); const blob = new blob(chunks, { 'type' : 'audio/ogg; codecs=opus' }); chunks = []; const audiourl = window...

MutationObserverInit.attributes - Web APIs
if you set either attributefilter or attributeoldvalue to true, attributes is automatically assumed to be true, even if you don't expressly set it as such.

MutationObserverInit.characterData - Web APIs
if you set characterdataoldvalue to true, characterdata is automatically assumed to be true, even if you don't expressly set it as such.

MutationObserverInit.characterDataOldValue - Web APIs
if you set characterdataoldvalue to true, characterdata is automatically assumed to be true, even if you don't expressly set it as such.

PaymentAddress - Web APIs
properties paymentaddress.addressline read only an array of domstring objects providing each line of the address not included among the other properties.

PerformanceResourceTiming.connectEnd - Web APIs
the timestamp value includes the time interval to establish the transport connection, as well as other time intervals such as ssl handshake and socks authentication.

Range.commonAncestorContainer - Web APIs
t document.addeventlistener('pointerup', e => { const selection = window.getselection(); if (selection.type === 'range') { for (let i = 0; i < selection.rangecount; i++) { const range = selection.getrangeat(i); playanimation(range.commonancestorcontainer); } } }); function playanimation(el) { if (el.nodetype === node.text_node) { el = el.parentnode; } el.classlist.remove('highlight'); settimeout(() => { el.classlist.add('highlight'); }, 0); } result specifications specification status comment domthe definition of 'range.commonancestorcontainer' in that specification.

ReadableStreamDefaultReader.read() - Web APIs
utf8decoder.decode(chunk) : ""); startindex = re.lastindex = 0; continue; } yield chunk.substring(startindex, result.index); startindex = re.lastindex; } if (startindex < chunk.length) { // last line didn't end in a newline char yield chunk.substr(startindex); } } for await (let line of maketextfilelineiterator(urloffile)) { processline(line); } specifications specification status comment streamsthe definition of 'read()' in that specification.

SVGElement - Web APIs
authors are advised to use element.classlist instead.

WebGLRenderingContext.makeXRCompatible() - Web APIs
messagebox("unable to transfer the game to your xr headset.", "cancel"); break; case invalidstateerror: showsimplemessagebox("you don't appear to have a compatible xr headset available.", "cancel"); break; default: handlefatalerror(err); break; } xrsession.end(); } } async function handlestartbuttonclick(event) { if (event.target.classlist.contains("use-webxr") && navigator.xr) { try { xrsession = await navigator.xr.requestsession("immersive-vr"); usingxr = true; } catch(err) { xrsession = null; usingxr = false; } } startgame(); } function startgame() { currentscene = "scene1"; loadsceneresources(currentscene); /* and so on */ } this works by having two buttons, one which starts ...

Establishing a connection: The WebRTC perfect negotiation pattern - Web APIs
perfect negotiation concepts perfect negotiation makes it possible to seamlessly and completely separate the negotiation process from the rest of your application's logic.

Window: blur event - Web APIs
html <p id="log">click on this document to give it focus.</p> css .paused { background: #ddd; color: #555; } javascript function pause() { document.body.classlist.add('paused'); log.textcontent = 'focus lost!'; } function play() { document.body.classlist.remove('paused'); log.textcontent = 'this document has focus.

Window: focus event - Web APIs
html <p id="log">click on this document to give it focus.</p> css .paused { background: #ddd; color: #555; } javascript function pause() { document.body.classlist.add('paused'); log.textcontent = 'focus lost!'; } function play() { document.body.classlist.remove('paused'); log.textcontent = 'this document has focus.

Window.open() - Web APIs
coding carelessly to open new windows can no longer be assured of success, cannot succeed by force and, if it does, it will annoy a majority of users.

HTML in XMLHttpRequest - Web APIs
this limitation avoids wasting time parsing html uselessly when legacy code uses xmlhttprequest in the default mode to retrieve responsetext for text/html resources.

XRReferenceSpace: reset event - Web APIs
this is typically the desired behavior if your site or app doesn't simulate motion through the space by expressly changing the position and/or orientation of the viewer (rather than the user's physical movements being used by the xr device to introduce movement).

XRSession.inputSources - Web APIs
the read-only inputsources property of the xrsession interface returns an xrinputsourcearray object which lists all controllers and input devices which are expressly associated with the xr device and are currently available.

ARIA: switch role - Accessibility
text in these elements remains visible to the user agent and may be read or otherwise delivered to the user, unless it's expressly hidden using display: none or aria-hidden="true".

::before (:before) - CSS: Cascading Style Sheets
i.done::before { content: ''; position: absolute; border-color: #009933; border-style: solid; border-width: 0 0.3em 0.25em 0; height: 1em; top: 1.3em; left: 0.6em; margin-top: -1em; transform: rotate(45deg); width: 0.5em; } javascript var list = document.queryselector('ul'); list.addeventlistener('click', function(ev) { if (ev.target.tagname === 'li') { ev.target.classlist.toggle('done'); } }, false); here is the above code example running live.

CSS reference - CSS: Cascading Style Sheets
ck formatting context box model containing block layout mode margin collapsing replaced elements stacking context visual formatting model dom-css / cssom major object types documentorshadowroot.stylesheets stylesheets[i].cssrules cssrules[i].csstext (selector & style) cssrules[i].selectortext htmlelement.style htmlelement.style.csstext (just style) element.classname element.classlist important methods cssstylesheet.insertrule() cssstylesheet.deleterule() ...

Live streaming web audio and video - Developer guides
rtmp comes in various flavours including rtmpe (encrypted), rtmps (secure over ssl/tls) and rtmpt (encapsulated within http requests).

Rich-Text Editing in Mozilla - Developer guides
r26fxlc2mzrvbccebz2kirfd414tkmlezbvgt33+qcohgha81swysew0r1uzfnylmtpx80pngqq91lwvk2jgvgnfvzg6ycyrat16gftw5kkkfo1eqltfh5q2ett0biwf+aitq4fdbk+imyo1oxvgf03wafjqvbckvdffryetxqiffygazths0zwagd7fg5tnnyntp8/fzvgwjofmgg7gox0sakkgqgdmgkbi0njgmeimpgdk5+wacewed0ywblhguz4hw5oduekrblt7dtgdegxacsiznx8zpmwh7k4rkpjcuhdxcul6mdsmmbxdlwch2+xozsgbnzsncee4euyv4pwcpswypw0uhdybkswu1nyjendreqtkjwn2+zvttc1vmstb/mvev/weyslasslimcohobjxw+n3ap/sjefnl5gepzmpu4kg7opr1+tofpyuu3becwykcwqcdfmwfkauo90fhkdinbcamvqnymgqueagqwcohbdc1rjv9pild8ibvkz6qyviibqgtjpx4k0xpigezorn1da0cij4vfr0ta3wvbxh/rjdcufv6r2zpgph/e4pxsbcpeatqprjniso203/5s/za171mv8+w1loaaaaaelftksuqmcc"> <img class="intlink" title="undo" onclick="formatdoc('undo');" src="data:image/gif;base64,r0lgodlhfgawaomkadljwlie33morpgjuykl8aezxqpd+7/i19dv3nha7p////////////////////...

Making content editable - Developer guides
r26fxlc2mzrvbccebz2kirfd414tkmlezbvgt33+qcohgha81swysew0r1uzfnylmtpx80pngqq91lwvk2jgvgnfvzg6ycyrat16gftw5kkkfo1eqltfh5q2ett0biwf+aitq4fdbk+imyo1oxvgf03wafjqvbckvdffryetxqiffygazths0zwagd7fg5tnnyntp8/fzvgwjofmgg7gox0sakkgqgdmgkbi0njgmeimpgdk5+wacewed0ywblhguz4hw5oduekrblt7dtgdegxacsiznx8zpmwh7k4rkpjcuhdxcul6mdsmmbxdlwch2+xozsgbnzsncee4euyv4pwcpswypw0uhdybkswu1nyjendreqtkjwn2+zvttc1vmstb/mvev/weyslasslimcohobjxw+n3ap/sjefnl5gepzmpu4kg7opr1+tofpyuu3becwykcwqcdfmwfkauo90fhkdinbcamvqnymgqueagqwcohbdc1rjv9pild8ibvkz6qyviibqgtjpx4k0xpigezorn1da0cij4vfr0ta3wvbxh/rjdcufv6r2zpgph/e4pxsbcpeatqprjniso203/5s/za171mv8+w1loaaaaaelftksuqmcc"> <img class="intlink" title="undo" onclick="formatdoc('undo');" src="data:image/gif;base64,r0lgodlhfgawaomkadljwlie33morpgjuykl8aezxqpd+7/i19dv3nha7p////////////////////...

HTML attribute: crossorigin - HTML: Hypertext Markup Language
the "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side ssl certificates or http authentication as described in the terminology section of the cors specification, unless it is in the same origin.

<input type="radio"> - HTML: Hypertext Markup Language
the user never sees the value or the name (unless you expressly add code to display it).

<input type="submit"> - HTML: Hypertext Markup Language
so you should be in the habit of expressly specifying which button is the submit button.

<p>: The Paragraph element - HTML: Hypertext Markup Language
switch back!">use pilcrow for paragraphs</button> </p> css p { margin: 0; text-indent: 3ch; } p.pilcrow { text-indent: 0; display: inline; } p.pilcrow + p.pilcrow::before { content: " ¶ "; } javascript document.queryselector('button').addeventlistener('click', function (event) { document.queryselectorall('p').foreach(function (paragraph) { paragraph.classlist.toggle('pilcrow'); }); var newbuttontext = event.target.dataset.toggletext; var oldtext = event.target.innertext; event.target.innertext = newbuttontext; event.target.dataset.toggletext = oldtext; }); result accessibility concerns breaking up content into paragraphs helps make a page more accessible.

<tr>: The Table Row element - HTML: Hypertext Markup Language
if no value is expressly set for align, the parent node's value is inherited.

Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel - HTTP
this error occurs when attempting to preflight a header that is not expressly allowed (that is, it's not included in the list specified by the access-control-allow-headers header sent by the server).

HTTP caching - HTTP
the expiration time is computed as follows: expirationtime = responsetime + freshnesslifetime - currentage where responsetime is the time at which the response was received according to the browser.

CSP: upgrade-insecure-requests - HTTP
the upgrade-insecure-requests directive will not ensure that users visiting your site via links on third-party sites will be upgraded to https for the top-level navigation and thus does not replace the strict-transport-security (hsts) header, which should still be set with an appropriate max-age to ensure that users are not subject to ssl stripping attacks.

X-Forwarded-Proto - HTTP
examples x-forwarded-proto: https other non-standard forms: # microsoft front-end-https: on x-forwarded-protocol: https x-forwarded-ssl: on x-url-scheme: https specifications not part of any current specification.

Link prefetching FAQ - HTTP
in the current implementation (mozilla 1.2), idle time is determined using the nsiwebprogresslistener api.

CONNECT - HTTP
for example, the connect method can be used to access websites that use ssl (https).

Proxy servers and tunneling - HTTP
this is how a client behind an http proxy can access websites using ssl (i.e.

Inheritance and the prototype chain - JavaScript
grossly deprecated and non-performant.

Promise - JavaScript
this is a hassle, and for this reason, it is common to omit rejectionfunc throughout the chain of .then() promises, and just have a single rejectionfunc in the final catch().

String - JavaScript
rather than having lines that go on endlessly, or wrap at the whim of your editor, you may wish to specifically break the string into multiple lines in the source code without affecting the actual string contents.

Optional chaining (?.) - JavaScript
the optional chaining operator (?.) permits reading the value of a property located deep within a chain of connected objects without having to expressly validate that each reference in the chain is valid.

for...of - JavaScript
over a dom collection iterating over dom collections like nodelist: the following example adds a read class to paragraphs that are direct descendants of an article: // note: this will only work in platforms that have // implemented nodelist.prototype[symbol.iterator] const articleparagraphs = document.queryselectorall('article > p'); for (const paragraph of articleparagraphs) { paragraph.classlist.add('read'); } closing iterators in for...of loops, abrupt iteration termination can be caused by break, throw or return.

Populating the page: how browsers work - Web Performance
time to interactive (tti) is the measurement of how long it took from that first request which led to the dns lookup and ssl connection to when the page is interactive -- interactive being the point in time after the first contentful paint when the page responds to user interactions within 50ms.

Web Performance
glossary terms beacon brotli compression client hints code splitting cssom domain sharding effective connection type first contentful paint first cpu idle first input delay first interactive first meaningful paint first paint http http/2 jank latency lazy load long task lossless compression lossy compression main thread minification network throttling packet page load time page prediction parse perceived performance prefetch prerender quic rail real user monitoring resource timing round trip time (rtt) server timing speculative parsing speed index ssl synthetic monitoring tcp handshake tcp slow start time to first byte time to interactive tls...

Privacy, permissions, and information security
http/2 while http/2 technically does not have to use encryption, most browser developers are only supporting it when used with https, so it can be thought of in that regard as being security-related permissions api provides a way to determine the status of permissions for the current browser context transport layer security (tls); formerly known as secure sockets layer (ssl) tls provides security and privacy by encrypting data during transport over the network.

visibility - SVG: Scalable Vector Graphics
ss="invisible" /> <path d="m0 0h24v24h0z" fill="none" /> </svg> <span> click me </span> </button> css svg { display: inline !important; } span { vertical-align: 50%; } button { line-height: 1em; } .invisible { visibility: hidden; } javascript document.queryselector("button").addeventlistener("click", function (evt) { this.queryselector("svg > path:nth-of-type(1)").classlist.toggle("invisible"); this.queryselector("svg > path:nth-of-type(2)").classlist.toggle("invisible"); }); specifications specification status comment css level 2 (revision 1)the definition of 'visibility' in that specification.

Basic Transformations - SVG: Scalable Vector Graphics
embedding svg in svg in contrast to html, svg allows you to embed other svg elements seamlessly.

Information Security Basics - Web security
confidentiality, integrity, and availability describes the primary security objectives, which are absolutely fundamental to understanding security security controls defines major categories of security controls and discusses their potential disadvantages tcp/ip security an overview of the tcp/ip model, with a focus on the security considerations for ssl threats briefly introduces major threat concepts vulnerabilities defines the major categories of vulnerabilities and discusses the presence of vulnerabilities in all software ...

Insecure passwords - Web security
to fix this issue, install and configure an ssl/tls certificate onto your server.

How to fix a website with blocked mixed content - Web security
or use a free online crawler like ssl-check or missing padlock, a desktop crawler like httpschecker, or a cli tool like mcdetect to check your website recursively and find links to insecure content.

Mixed content - Web security
you could also use an online crawler like ssl-check or missing padlock that will check your website recursively and find links to insecure content.

Securing your site - Web security
you can use this to prevent your site from being used improperly; in addition, you can use it to establish resources that other sites are expressly permitted to use.

Subresource Integrity - Web security
tools for generating sri hashes you can generate sri hashes from the command-line with openssl using a command invocation such as this: cat filename.js | openssl dgst -sha384 -binary | openssl base64 -a or with shasum using a command invocation such as this: shasum -b -a 384 filename.js | awk '{ print $1 }' | xxd -r -p | base64 notes: the pipe-through-xxd step takes the hexadecimal output from shasum and converts it to binary.

Web security
it uses ssl or tls to encrypt all communication between a client and a server.

Using shadow DOM - Web Components
note: as this blog post shows, it is actually fairly easy to work around closed shadow doms, and the hassle to completely hide them is often more than it's worth.

XPath
jxon jxon (lossless javascript xml object notation) is a generic name by which is defined the representation of javascript objects using xml.