mask-origin - CSS: Cascading Style Sheets
the mask-origin css property sets the origin of a mask.
... /* keyword values */ mask-origin: content-box; mask-origin: padding-box; mask-origin: border-box; mask-origin: margin-box; mask-origin: fill-box; mask-origin: stroke-box; mask-origin: view-box; /* multiple values */ mask-origin: padding-box, content-box; mask-origin: view-box, fill-box, border-box; /* non-standard keyword values */ -webkit-mask-origin: content; -webkit-mask-origin: padding; -webkit-mask-origin: border; /* global values */ mask-origin: inherit; mask-origin: initial; mask-origin: unset; for elements rendered as a single box, this property specifies the mask positioning area.
... in other words, this property specifies the origin position of an image specified by the mask-image css property.
...And 3 more matches

Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz' - HTTP
reason reason: cors header 'access-control-allow-origin' does not match 'xyz' what went wrong?
... simply put, the origin making the request does not match any of the origins permitted by the access-control-allow-origin header.
... this error can also occur if the response includes more than one access-control-allow-origin header.
...And 3 more matches

transform-origin - SVG: Scalable Vector Graphics
the transform-origin svg attribute sets the origin for an item’s transformations.
... note: as a presentation attribute in svg, transform-origin corresponds in syntax and behavior to the transform-origin property in css, and can be used as css property to style svg.
... see the css transform-origin property for more information.
...And 3 more matches

Origin - MDN Web Docs Glossary: Definitions of Web-related terms
web content's origin is defined by the scheme (protocol), host (domain), and port of the url used to access it.
... two objects have the same origin only when the scheme, host, and port all match.
... some operations are restricted to same-origin content, and this restriction can be lifted using cors.
...And 2 more matches

Event.explicitOriginalTarget - Web APIs
the explicit original target of the event.
...for example, mouse events are retargeted to their parent node when they happen over text nodes (see bug 185889), and in that case currenttarget will show the parent and explicitoriginaltarget will show the text node.
... explicitoriginaltarget differs from originaltarget in that it will never contain anonymous content.
...And 2 more matches

WindowOrWorkerGlobalScope.origin - Web APIs
the origin read-only property of the windoworworkerglobalscope interface returns the origin of the global scope, serialized as a string.
... syntax var myorigin = self.origin; // or just origin value a usvstring.
... examples executed from inside a worker script, the following snippet will log the worker's global scope's origin to the console each time it receives a message onmessage = function() { console.log(self.origin); }; if the origin is not a scheme/host/port tuple (say you are trying to run it locally, i.e.
...And 2 more matches

background-origin - CSS: Cascading Style Sheets
the background-origin css property sets the background's origin: from the border start, inside the border, or inside the padding.
... note that background-origin is ignored when background-attachment is fixed.
... syntax /* keyword values */ background-origin: border-box; background-origin: padding-box; background-origin: content-box; /* global values */ background-origin: inherit; background-origin: initial; background-origin: unset; the background-origin property is specified as one of the keyword values listed below.
...And 2 more matches

Origin - HTTP
the origin request header indicates where a fetch originates from.
... note: the origin header is not set on fetch requests with a method of head or get (this behavior was corrected in firefox 65 — see bug 1508661).
... header type request header forbidden header name yes syntax origin: null origin: <scheme> "://" <hostname> [ ":" <port> ] directives <scheme> the protocol that is used.
...And 2 more matches

Timing-Allow-Origin - HTTP
the timing-allow-origin response header specifies origins that are allowed to see values of attributes retrieved via features of the resource timing api, which would otherwise be reported as zero due to cross-origin restrictions.
... header type response header forbidden header name no syntax timing-allow-origin: * timing-allow-origin: <origin>[, <origin>]* directives * the server may specify "*" as a wildcard, thereby allowing any origin to see timing resources.
... <origin> specifies a uri that may see the timing resources.
...And 2 more matches

Document.origin - Web APIs
use self.origin instead.
... the document.origin read-only property returns the document's origin.
... in most cases, this property is equivalent to document.defaultview.location.origin.
... syntax var origin = document.origin; examples var origin = document.origin; // on this page, returns:'https://developer.mozilla.org' var origin = document.origin; // on "about:blank", returns:'null' var origin = document.origin; // on "data:text/html,<b>foo</b>", returns:'null' ...

Performance.timeOrigin - Web APIs
the timeorigin read-only property of the performance interface returns the high resolution timestamp of the start time of the performance measurement.
... syntax var timeorigin = performance.timeorigin value a high resolution timestamp.
... specifications specification status high resolution time level 2the definition of 'timeorigin' in that specification.
... desktopmobilechromeedgefirefoxinternet exploreroperasafariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung internettimeorigin experimentalchrome full support 62edge full support 16firefox full support 53ie ?

URL.origin - Web APIs
the origin read-only property of the url interface returns a usvstring containing the unicode serialization of the origin of the represented url.
... for blob: urls, the origin of the url following blob: will be used, e.g "blob:https://mozilla.org" will be returned as "https://mozilla.org".
... syntax const originstring = url.origin value a usvstring.
... examples const url = new url("blob:https://mozilla.org:443/") console.log(url.origin); // logs 'https://mozilla.org' specifications specification status comment urlthe definition of 'url.origin' in that specification.

URLUtilsReadOnly.origin - Web APIs
the urlutilsreadonly.origin read-only property is a domstring containing the unicode serialization of the origin of the represented url, that is, for http and https, the scheme followed by '://', followed by the domain, followed by ':', followed by the port (the default port, 80 and 443 respectively, if explicitely specified).
... this version of origin is implemented by workerlocation for use on workers.
... syntax string = object.origin; examples // on this page, returns the origin var result = self.location.origin; // returns:'https://developer.mozilla.org:443' specifications specification status comment urlthe definition of 'urlutilsreadonly.origin' in that specification.
... desktopmobilechromeedgefirefoxinternet exploreroperasafariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung internetorigin experimentalchrome no support noedge no support nofirefox full support 29ie no support noopera no support nosafari no support now...

Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed - HTTP
reason reason: multiple cors header ‘access-control-allow-origin’ not allowed what went wrong?
... more than one access-control-allow-origin header was sent by the server.
... if you have access to the server you can change your implementation to echo back an origin in the access-control-allow-origin header.
... you cannot send back a list of origins, because browsers only accept a value that is either a single origin or null ...

Cross-Origin-Resource-Policy - HTTP
note: due to a bug in chrome, setting cross-origin-resource-policy can break pdf rendering, preventing visitors from being able to read past the first page of some pdfs.
... due to a bug in firefox, setting cross-origin-resource-policy can prevent some resources (such as pdfs) from being downloaded in some circumstances.
... the http cross-origin-resource-policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
... header type response header forbidden header name no syntax cross-origin-resource-policy: same-site | same-origin | cross-origin examples the response header below will cause compatible user agents to disallow cross-origin no-cors requests: cross-origin-resource-policy: same-origin for more examples, see https://resourcepolicy.fyi/.

horiz-origin-x - SVG: Scalable Vector Graphics
the horiz-origin-x attribute indicates the x-coordinate in the font coordinate system of the origin of a glyph to be used when drawing horizontally oriented text.
... note: the origin applies to all glyphs in the font.
... only one element is using this attribute: <font> usage notes value <number> default value 0 animatable no <number> this value indicates the x-coordinate of the origin of a glyph for horizontally oriented text.
... specifications specification status comment scalable vector graphics (svg) 1.1 (second edition)the definition of 'horiz-origin-x' in that specification.

horiz-origin-y - SVG: Scalable Vector Graphics
the horiz-origin-y attribute indicates the y-coordinate in the font coordinate system of the origin of a glyph to be used when drawing horizontally oriented text.
... note: the origin applies to all glyphs in the font.
... only one element is using this attribute: <font> usage notes value <number> default value 0 animatable no <number> this value indicates the x-coordinate of the origin of a glyph for horizontally oriented text.
... specifications specification status comment scalable vector graphics (svg) 1.1 (second edition)the definition of 'horiz-origin-y' in that specification.

Event.originalTarget - Web APIs
the original target of the event before any retargetings.
... (mozilla-specific) in presence of xbl anonymous content this will be the anonymous node the event originally fired on.
... note: originaltarget may also be native anonymous content (see bug 208427), in which case it's useless for non-privileged code.

ExtendableMessageEvent.origin - Web APIs
the origin read-only property of the extendablemessageevent interface returns the origin of the client that sent the message.
... syntax var myorigin = extendablemessageevent.origin; value a usvstring.
... var port; self.addeventlistener('push', function(e) { var obj = e.data.json(); if(obj.action === 'subscribe' || obj.action === 'unsubscribe') { port.postmessage(obj); } else if(obj.action === 'init' || obj.action === 'chatmsg') { port.postmessage(obj); } }); self.onmessage = function(e) { console.log(e.origin); port = e.ports[0]; } specifications specification status comment service workersthe definition of 'extendablemessageevent.origin' in that specification.

HTMLMediaElement.crossOrigin - Web APIs
the htmlmediaelement.crossorigin property is the cors setting for this image element.
... specifications specification status comment html living standardthe definition of 'htmlmediaelement.crossorigin' in that specification.
... living standard no change from html5 html5the definition of 'htmlmediaelement.crossorigin' in that specification.

Location: ancestorOrigins - Web APIs
the ancestororigins read-only property of the location interface is a static domstringlist containing, in reverse order, the origins of all ancestor browsing contexts of the document associated with the given location object.
... you can use location.ancestororigins in the script for a document to determine, for example, whenever the document is being framed by a site which you don’t expect it to be framed by.
... syntax const ancestors = location.ancestororigins; specifications specification status comment html living standardthe definition of 'ancestororigins ' in that specification.

MessageEvent.origin - Web APIs
the origin read-only property of the messageevent interface is a usvstring representing the origin of the message emitter.
... syntax var origin = messageevent.origin; value a usvstring representing the origin.
... example myworker.onmessage = function(e) { result.textcontent = e.data; console.log('message received from worker'); console.log(e.origin); }; specifications specification status comment html living standardthe definition of 'messageevent: origin' in that specification.

PaymentRequestEvent.paymentRequestOrigin - Web APIs
the paymentrequestorigin read-only property of the paymentrequestevent interface returns the origin where the paymentrequest object was initialized.
... syntax var ausvstring = paymentrequestevent.paymentrequestorigin value a usvstring.
... specifications specification status comment payment handler apithe definition of 'paymentrequestorigin' in that specification.

SecurityPolicyViolationEvent.originalPolicy - Web APIs
the originalpolicy read-only property of the securitypolicyviolationevent interface is a domstring containing the policy whose enforcement uncovered the violation.
... syntax let origpolicy = violationeventinstance.originalpolicy; value a domstring representing the policy whose enforcement uncovered the violation.
... example document.addeventlistener("securitypolicyviolation", (e) => { console.log(e.originalpolicy); }); specifications specification status comment content security policy level 3the definition of 'originalpolicy' in that specification.

ServiceWorkerMessageEvent.origin - Web APIs
the origin read-only property of the serviceworkermessageevent interface returns the origin of the service worker's environment settings object.
... syntax var myorigin = serviceworkermessageeventinstance.origin; value a domstring.
... // set up a message channel to communicate with the sw var channel = new messagechannel(); channel.port1.onmessage = function(e) { console.log(e.origin); handlechannelmessage(e.data); } mysw = reg.active; mysw.postmessage('hello', [channel.port2]); }); ...

WindowOrWorkerGlobalScope.crossOriginIsolated - Web APIs
the crossoriginisolated read-only property of the windoworworkerglobalscope interface returns a boolean value that indicates whether a sharedarraybuffer can be sent via a window.postmessage() call.
... this value is dependant on any cross-origin-opener-policy and cross-origin-embedder-policy headers present in the response.
... syntax var mycrossoriginisolated = self.crossoriginisolated; // or just crossoriginisolated value a boolean value examples if(crossoriginisolated) { // post sharedarraybuffer } else { // do something else } specifications specification status comment html living standardthe definition of 'crossoriginisolated' in that specification.

Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’ - HTTP
reason reason: credential is not supported if the cors header ‘access-control-allow-origin’ is ‘*’ what went wrong?
... the cors request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value of access-control-allow-origin, which doesn't allow the use of credentials.
... if, instead, you need to adjust the server's behavior, you'll need to change the value of access-control-allow-origin to grant access to the origin from which the client is loaded.

Reason: CORS header ‘Origin’ cannot be added - HTTP
reason reason: cors header ‘origin’ cannot be added what went wrong?
... the user agent was unable to add the required origin header to the http request.
... all cors requests must have an origin header.

origin - SVG: Scalable Vector Graphics
the origin attribute specifies the origin of motion for an animation.
... only one element is using this attribute: <animatemotion> context notes value default default value default animatable no specifications specification status comment svg animations level 2the definition of 'origin' in that specification.
... editor's draft no change scalable vector graphics (svg) 1.1 (second edition)the definition of 'origin' in that specification.

vert-origin-x - SVG: Scalable Vector Graphics
the vert-origin-x attribute indicates the x-coordinate in the font coordinate system of the origin of a glyph to be used when drawing vertically oriented text.
... only one element is using this attribute: <font> usage notes value <number> default value half of horiz-adv-x value animatable no <number> this value indicates the x-coordinate of the origin of a glyph for vertically oriented text.
... specifications specification status comment scalable vector graphics (svg) 1.1 (second edition)the definition of 'vert-origin-x' in that specification.

vert-origin-y - SVG: Scalable Vector Graphics
the vert-origin-y attribute indicates the y-coordinate in the font coordinate system of the origin of a glyph to be used when drawing vertically oriented text.
... only one element is using this attribute: <font> usage notes value <number> default value ascent value animatable no <number> this value indicates the y-coordinate of the origin of a glyph for vertically oriented text.
... specifications specification status comment scalable vector graphics (svg) 1.1 (second edition)the definition of 'vert-origin-y' in that specification.

HTMLHyperlinkElementUtils.origin - Web APIs
the htmlhyperlinkelementutils.origin read-only property is a usvstring containing the unicode serialization of the origin of the represented url; that is: for url using the http or https, the scheme followed by '://', followed by the domain, followed by ':', followed by the port (the default port, 80 and 443 respectively, if explicitely specified); for url using file: scheme, the value is browser dependant; for url using the blob: scheme, the origin of the url following blob:.
... syntax string = object.origin; examples // on this page, returns the origin var result = window.location.origin; // returns:'https://developer.mozilla.org' specifications specification status comment html living standardthe definition of 'htmlhyperlinkelementutils.origin' in that specification.

Location: origin - Web APIs
the origin read-only property of the location interface is a usvstring containing the unicode serialization of the origin of the represented url; that is: for url using the http or https, the scheme followed by '://', followed by the domain, followed by ':', followed by the port (the default port, 80 and 443 respectively, if explicitely specified); for url using file: scheme, the value is browser dependant; for url using the blob: scheme, the origin of the url following blob:.
... syntax string = object.origin; examples // on this page, returns the origin var result = window.location.origin; // returns:'https://developer.mozilla.org' specifications specification status comment html living standardthe definition of 'origin' in that specification.

PaymentRequestEvent.topOrigin - Web APIs
the toporigin read-only property of the paymentrequestevent interface returns the top level payee origin where the paymentrequest object was initialized.
... syntax var ausvstring = paymentrequestevent.toporigin value a usvstring specifications specification status comment payment handler apithe definition of 'toporigin' in that specification.

Same-origin policy - MDN Web Docs Glossary: Definitions of Web-related terms
the same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin.

ui.alertNotificationOrigin
ui.alertnotificationorigin controls the position and direction from which popup notifications invoked by nsialertsservice are sliding in.

Index - Web APIs
the child interfaces include information from the browser such as the challenge origin and either may be returned from publickeycredential.response.
... 312 bluetoothdevice.uuids api, bluetoothdevice, experimental, property, reference, uuids, web bluetooth api the bluetoothdevice.uuids read-only property lists the uuids of gatt services provided by the device, that the current origin is allowed to access.
... 362 broadcast channel api api, broadcast channel api, html api, overview, reference the broadcast channel api allows simple communication between browsing contexts (that is windows, tabs, frames, or iframes) with the same origin (usually pages from the same site).
...And 82 more matches

HTTP Index - HTTP
19 cross-origin resource policy (corp) http, reference, security cross-origin resource policy is an opt-in mechanism that allows web applications to protect against certain cross-origin requests, such as those issued by the browser when resources are embedded using elements such as <script> and <img>.
... this serves as an additional layer of protection above and beyond the same-origin policy which can mitigate speculative side channel attacks as well as cross-site script inclusion attacks.
... cross-origin resource policy complements cross-origin read blocking (corb), which is a mechanism to prevent some cross-origin reads by default.
...And 43 more matches

window.postMessage() - Web APIs
the window.postmessage() method safely enables cross-origin communication between window objects; e.g., between a page and a pop-up that it spawned, or between a page and an iframe embedded within it.
... normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host (also known as the "same-origin policy").
... syntax targetwindow.postmessage(message, targetorigin, [transfer]); targetwindow a reference to the window that will receive the message.
...And 24 more matches

Geometry and reference spaces in WebXR - Web APIs
rotation is the application of a matrix that rotates a point around the origin of the object's coordinate system.
... on the origins of spaces a complete xr-enhanced scene—whether virtual or augmented—is a composite of anywhere from one to potentially dozens of frames of reference.
... this is the native origin of the space, corresponding to a specific physical location in the user's environment.
...And 21 more matches

Inputs and input sources - Web APIs
when the targeting ray mode is gaze, the ray's origin is at the viewer and simply aims in the direction the user is facing.
... more flexible is the tracked-pointer mode, in which the ray's origin is at a handheld controller or hand tracking system's origin and extends outward in the direction in which the controller is pointing.
...this space's native origin is located at the point from which the target ray is emitted (such as the front tip of the controller, or the end of a gun barrel if the controller is being rendered as a gun, for example), and the space's orientation vector extends outward along the path of the target ray.
...And 19 more matches

Storage access policy: Block cookies from trackers
browser caches: the http cache, the image cache, and the alternative services (alt-svc) cache are all partitioned for tracking resources, such that each top-level origin will have a separate partition and tracking resources on different top-level origins will be cached separate from each other.
... http connection reuse by domains classified as trackers is limited to requests that occur under the same top-level origin.
... http referrers the default referrer policy for third-party resources classified as trackers is set to strict-origin-when-cross-origin.
...And 18 more matches

DOMMatrixReadOnly - Web APIs
none of the following methods alter the original matrix.
...the original matrix is not modified.
...the original matrix is not modified.
...And 18 more matches

Script security
the security model for web content is based on the same-origin policy, in which code gets full access to objects from its origin but highly restricted access to objects from a different origin.
... the rules for determining whether an object is same-origin with another, and what access is allowed cross-origin, are now mostly standardized across browsers.
... security policy gecko implements the following security policy: objects that are same-origin are able to access each other freely.
...And 16 more matches

ui/frame - Archive of obsolete content
so there are three cases to consider: sending messages from a frame script to the main add-on code sending messages from the main add-on code to all instances of a frame, across all browser windows sending messages from the main add-on code to a single instance of a frame, attached to a specific browser window in all cases, postmessage() takes two arguments: the message itself and a targetorigin.
... the targetorigin argument can be either the uri of the document hosted by the target, or the wildcard "*".
...this takes two arguments, the message itself and a target origin.
...And 15 more matches

Index - MDN Web Docs Glossary: Definitions of Web-related terms
the term base64 originates from a specific mime content transfer encoding.
... 48 cors glossary, infrastructure, security cors (cross-origin resource sharing) is a system, consisting of transmitting http headers, that determines whether browsers block frontend javascript code from accessing responses for cross-origin requests.
...challenge-response protocols are one way to fight against replay attacks where an attacker listens to the previous messages and resends them at a later time to get the same credentials as the original message.
...And 15 more matches

Using Feature Policy - HTTP
feature policy allows you to control which origins can use which features, both in the top-level page and in embedded frames.
... essentially, you write a policy, which is an allowed list of origins for each feature.
... for every feature controlled by feature policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins.
...And 15 more matches

SourceMap.jsm
get a reference to the module: let sourcemap = {}; components.utils.import('resource:///modules/devtools/sourcemap.jsm', sourcemap); sourcemapconsumer a sourcemapconsumer instance represents a parsed source map which we can query for information about the original file positions by giving it a file position in the generated source.
... sources: an array of urls to the original source files.
... sourcemapconsumer.prototype.originalpositionfor(generatedposition) returns the original source, line, and column information for the generated source's line and column positions provided.
...And 14 more matches

<iframe>: The Inline Frame element - HTML: Hypertext Markup Language
allowpaymentrequest set to true if a cross-origin <iframe> should be allowed to invoke the payment request api.
... no-referrer-when-downgrade (default): the referer header will not be sent to origins without tls (https).
... origin: the sent referrer will be limited to the origin of the referring page: its scheme, host, and port.
...And 14 more matches

<link>: The External Resource Link element - HTML: Hypertext Markup Language
take this example: <link rel="preload" href="myfont.woff2" as="font" type="font/woff2" crossorigin="anonymous"> a rel value of preload indicates that the browser should preload this resource (see preloading content with rel="preload" for more details), with the as attribute indicating the specific class of content being fetched.
... the crossorigin attribute indicates whether the resource should be fetched with a cors request.
... value applies to audio <audio> elements document <iframe> and <frame> elements embed <embed> elements fetch fetch, xhr this value also requires <link> to contain the crossorigin attribute.
...And 14 more matches

Index - HTTP
10 access-control-allow-origin access control, access-control-allow-origin, cors, dealing with cors, http, http header, how to fix cors, reference, security, cross-origin issue, header, origin the access-control-allow-origin response header indicates whether the response can be shared with requesting code from the given origin.
...it allows web developers to have more control over the data stored locally by a browser for their origins.
...with a few exceptions, policies mostly involve specifying server origins and script endpoints.
...And 14 more matches

HTTP headers - HTTP
custom proprietary headers have historically been used with an x- prefix, but this convention was deprecated in june 2012 because of the inconveniences it caused when nonstandard fields became standard in rfc 6648; others are listed in an iana registry, whose original content was defined in rfc 4229.
... accept-ch-lifetime servers can ask the client to remember the set of client hints that the server supports for a specified period of time, to enable delivery of client hints on subsequent requests to the server’s origin ([rfc6454]).
... vary determines how to match request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.
...And 14 more matches

Document.requestStorageAccess() - Web APIs
if the document has a null origin, reject.
... if the sub frame's origin is equal to the main frame's, resolve.
... assuming all of the requirements above are satisfied, firefox will automatically grant storage access to the requesting origin on up to a threshold number of first-party origins in the current session for the duration of user’s session, up to a maximum of 24 hours.
...And 13 more matches

Storage Access API - Web APIs
the storage access api provides a way for embedded, cross-origin content to gain unrestricted access to storage that it would normally only have access to in a first-party context (we refer to this as an origin’s first-party storage).
... concepts and usage most browsers implement a number of storage access policies that restrict access to cookies and site data for embedded, cross-origin resources.
... these restrictions range from giving embedded resources under each top-level origin a unique storage space to outright blocking of storage access when resources are loaded in a third-party context.
...And 13 more matches

Storage API - Web APIs
web storage api data managed using window.localstorage history state information saved using history.pushstate() application caches notification data other kinds of site-accessible, site-specific data that may be maintained site storage units the site storage system described by the storage standard and interacted with using the storage api consists of a single site storage unit for each origin.
... origin 1 has some web storage data as well as some indexeddb data, but also has some free space left; its current usage hasn't yet reached its quota.
... origin 2 has no data stored in it yet; it's just an empty box waiting for content.
...And 12 more matches

Referrer-Policy - HTTP
header type response header forbidden header name no syntax the original header name referer is a misspelling of the word "referrer".
... referrer-policy: no-referrer referrer-policy: no-referrer-when-downgrade referrer-policy: origin referrer-policy: origin-when-cross-origin referrer-policy: same-origin referrer-policy: strict-origin referrer-policy: strict-origin-when-cross-origin referrer-policy: unsafe-url directives no-referrer the referer header will be omitted entirely.
...the origin, path, and querystring of the url are sent as a referrer when the protocol security level stays the same (http→http, https→https) or improves (http→https), but isn't sent to less secure destinations (https→http).
...And 12 more matches

Transformations - Web APIs
with transformations there are more powerful ways to translate the origin to a different position, rotate the grid and even scale it.
...ngs ctx.save(); // save the current state ctx.fillstyle = '#fff'; // make changes to the settings ctx.globalalpha = 0.5; ctx.fillrect(30, 30, 90, 90); // draw a rectangle with new settings ctx.restore(); // restore previous state ctx.fillrect(45, 45, 60, 60); // draw a rectangle with restored settings ctx.restore(); // restore original state ctx.fillrect(60, 60, 30, 30); // draw a rectangle with restored settings } <canvas id="canvas" width="150" height="150"></canvas> draw(); the first step is to draw a large rectangle with the default settings.
... when the second restore() statement is called, the original state (the one we set up before the first call to save) is restored and the last rectangle is once again drawn in black.
...And 11 more matches

DOMMatrixReadOnly.scale() - Web APIs
the scale() method of the dommatrixreadonly interface creates a new matrix being the result of the original matrix with a scale transform applied.
... dommatrix.scale(scalex[, scaley][, scalez][, originx][, originy][, originz]) parameters scalex a multiplier for the scale value on the x-axis.
... originx optional an x-coordinate for the origin of the transformation.
...And 11 more matches

Feature-Policy: fullscreen - HTTP
by default, top-level documents and their same-origin child frames can request and enter fullscreen mode.
... this directive allows or prevents cross-origin frames from using fullscreen mode.
... this includes same-origin frames.
...And 11 more matches

Feature-Policy: geolocation - HTTP
by default, the geolocation api can be used within top-level documents and their same-origin child frames.
... this directive allows or prevents cross-origin frames from accessing geolocation.
... this includes same-origin frames.
...And 11 more matches

Browser storage limits and eviction criteria - Web APIs
the "last access time" of origins is updated when any of these are activated/deactivated — origin eviction will delete data for all these quota clients.
...this will only be evicted if the user chooses to (for example, in firefox you can choose to delete all stored data or only stored data from selected origins by going to preferences and using the options under privacy & security > cookies & site data).
...in firefox, an internal browser tool called the quota manager keeps track of how much disk space each origin is using up, and deletes data if necessary.
...And 10 more matches

Spaces and reference spaces: Spatial tracking in WebXR - Web APIs
thus, a reference space can be used to define the position and orientation of a point and by extension the entire object for which that point is the origin.
... the world space; the origin of this space is the origin of the webgl coordinate system underlying the entire 3d canvas.
... the player, avatar, or camera; the origin of this space is used as the camera position for rendering the scene to be displayed to the user.
...And 10 more matches

Using CSS transforms - CSS: Cascading Style Sheets
css transforms properties two major properties are used to define css transforms: transform and transform-origin transform-origin specifies the position of the origin.
... <img style="transform: rotate(90deg); transform-origin: bottom left;" src="https://udn.realityripple.com/samples/6d/6633f3efc0.png"> skewing and translating here is the mdn logo, skewed by 10 degrees and translated by 150 pixels on the x-axis.
... <img style="transform: skewx(10deg) translatex(150px); transform-origin: bottom left;" src="https://udn.realityripple.com/samples/6d/6633f3efc0.png"> 3d specific css properties performing css transformations in 3d space is a bit more complex.
...And 10 more matches

Content Security Policy (CSP) - HTTP
browsers that don't support it still work with servers that implement it, and vice-versa: browsers that don't support csp simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content.
... if the site doesn't offer the csp header, browsers likewise use the standard same-origin policy.
... example 1 a web site administrator wants all content to come from the site's own origin (this excludes subdomains.) content-security-policy: default-src 'self' example 2 a web site administrator wants to allow content from a trusted domain and all its subdomains (it doesn't have to be the same domain that the csp is set on.) content-security-policy: default-src 'self' *.trusted.com example 3 a web site administrator wants to allow users of a web application to include images f...
...And 10 more matches

Planned changes to shared memory - JavaScript
for top-level documents, two headers will need to be set: cross-origin-opener-policy with same-origin as value (protects your origin from attackers) cross-origin-embedder-policy with require-corp as value (protects victims from your origin) with these two headers set, postmessage() will no longer throw for sharedarraybuffer objects and shared memory across threads is therefore available.
... nested documents and dedicated workers will need to set the cross-origin-embedder-policy header as well with the same value.
... no further changes are needed for same-origin nested documents and subresources.
...And 10 more matches

nsIDOMMozNetworkStatsManager
nsidomdomrequest getsamples(in nsisupports network, in jsval start, in jsval end, [optional] in jsval options /* networkstatsgetoptions */); parameters network the origin of the data.
...if null, data measurement from both origins are merged.
... to know in advance which kind of origin is available, the moznetworkstatsmanager.getavailablenetworks method returns an array of interfaces.
...And 9 more matches

Using Service Workers - Web APIs
in order to facilitate local development, localhost is considered a secure origin by browsers as well.
...it is different in the following ways: in the original, we only passed in a url to an image we wanted to load.
... next, we use the serviceworkercontainer.register() function to register the service worker for this site, which is just a javascript file residing inside our app (note this is the file's url relative to the origin, not the js file that references it.) the scope parameter is optional, and can be used to specify the subset of your content that you want the service worker to control.
...And 9 more matches

Coordinate systems - CSS: Cascading Style Sheets
this fixed point is called the origin.
... the position is specified as the number of pixels offset from the origin along each dimension of the context.
...these are generally only different in terms of where their origin is located.
...And 9 more matches

filter - CSS: Cascading Style Sheets
filter: blur(5px) <table class="standard-table"> <thead> <tr> <th style="text-align: left;" scope="col">original image</th> <th style="text-align: left;" scope="col">live example</th> <th style="text-align: left;" scope="col">svg equivalent</th> <th style="text-align: left;" scope="col">static example</th> </tr> </thead> <tbody> <tr> <td><img alt="test_form.jpg" id="img1" class="internal default" src="/files/3710/test_form_2.jpg" style="width: 100%;" /></td> <td><...
...lute; top: -99999px" xmlns="http://www.w3.org/2000/svg"> <filter id="brightness"> <fecomponenttransfer> <fefuncr type="linear" slope="[amount]"/> <fefuncg type="linear" slope="[amount]"/> <fefuncb type="linear" slope="[amount]"/> </fecomponenttransfer> </filter> </svg> <table class="standard-table"> <thead> <tr> <th style="text-align: left;" scope="col">original image</th> <th style="text-align: left;" scope="col">live example</th> <th style="text-align: left;" scope="col">svg equivalent</th> <th style="text-align: left;" scope="col">static example</th> </tr> </thead> <tbody> <tr> <td><img alt="test_form.jpg" id="img1" class="internal default" src="/files/3708/test_form.jpg" style="width: 100%;" /></td> <td><im...
... <fefuncr type="linear" slope="[amount]" intercept="-(0.5 * [amount]) + 0.5"/> <fefuncg type="linear" slope="[amount]" intercept="-(0.5 * [amount]) + 0.5"/> <fefuncb type="linear" slope="[amount]" intercept="-(0.5 * [amount]) + 0.5"/> </fecomponenttransfer> </filter> </svg> <table class="standard-table"> <thead> <tr> <th style="text-align: left;" scope="col">original image</th> <th style="text-align: left;" scope="col">live example</th> <th style="text-align: left;" scope="col">svg equivalent</th> <th style="text-align: left;" scope="col">static example</th> </tr> </thead> <tbody> <tr> <td><img alt="test_form_3.jpeg" id="img1" class="internal default" src="/files/3712/test_form_3.jpeg" style="width: 100%;" /></td> <...
...And 9 more matches

Appendix: What you should know about open-source software licenses - Archive of obsolete content
this document was authored by yutaka kachi and was originally published in japanese for the firefox developers conference summer 2007.
... pros and cons the modified bsd license was originally created by the university of california at berkeley for distributing a unix-like operating system.
... the deleted advertising clause the original bsd license contained an advertising clause, which stated that “any advertising for software using an modification of this source code must display the name of the original developer.” this clause has been removed.
...And 8 more matches

Index - Archive of obsolete content
241 firefox addons developer guide the original document is in japanese and distributed via the xuldev.org website.
...the mini-branch is created so you can check in the build scripts with the necessary changes without touching the original branch.
... 484 creating a help content pack original doc: http://www.mozilla.org/projects/help.../content_packs i hesitate to call it "original", tho, because i've basically rewritten the entire thing so that it's easier and faster to use to create help content.
...And 8 more matches

Index
2 an overview of nss internals api, intermediate, intro, nss, tools a high-level overview to the internals of network security services (nss) software developed by the mozilla.org projects traditionally used its own implementation of security protocols and cryptographic algorithms, originally called netscape security services, nowadays called network security services (nss).
...it was originally developed for telecommunication systems at times where it was critical to minimize data as much as possible (although it still makes sense to use that principle today for good performance).
... nss database types nss originally used berkeleydb databases to store security information.
...And 8 more matches

XRReferenceSpace - Web APIs
reset the reset event is sent to an xrreferencespace object when the browser detects a discontinuity has occurred wherein the tracked object's origin relative to the user's environment or location.
... this can happen, for example, after the user recalibrates their xr device, or if the device automatically adjusts its origin after losing and regaining tracking.
... xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
...And 8 more matches

<script>: The Script element - HTML: Hypertext Markup Language
crossorigin normal script elements pass minimal information to the window.onerror for scripts which do not pass the standard cors checks.
... no-referrer-when-downgrade (default): the referer header will not be sent to origins without tls (https).
... origin: the sent referrer will be limited to the origin of the referring page: its scheme, host, and port.
...And 8 more matches

Web video codec guide - Web media technologies
the simplest guideline is this: anything that makes the encoded video look more like the original, uncompressed, video will generally make the resulting data larger as well.
...if the codec converts the media into an internal pixel format, or otherwise represents the image using a means other than simple pixels, the format of the original image doesn't make any difference.
... resolution (width and height) higher resolution video, presented in the same screen size, will typically be able to more accurately portray the original scene, barring effects introduced during compression.
...And 8 more matches

XRReferenceSpace: reset event - Web APIs
the reset event is sent to an xrreferencespace object when a discontinuity is detected in either the native origin or the effective origin, causing a jump in the position or orientation of objects oriented using the reference space.
... this is common when the user calibrates or recalibrates an xr device, or if the device automatically changes its origin after losing tracking of the user, then re-gaining it.
... in either case, the event is sent before any webxr animation frames which make use of the new origin are executed.
...And 7 more matches

<img>: The Image Embed element - HTML: Hypertext Markup Language
there are many other attributes to achieve various purposes: referrer/cors control for security and privacy: see crossorigin and referrerpolicy.
... crossorigin indicates if the fetching of the image must be done using a cors request.
... if the crossorigin attribute is not specified, then a non-cors request is sent (without the origin request header), and the browser marks the image as tainted and restricts access to its image data, preventing its usage in <canvas> elements.
...And 7 more matches

X-Frame-Options - HTTP
header type response header forbidden header name no syntax there are two possible directives for x-frame-options: x-frame-options: deny x-frame-options: sameorigin directives if you specify deny, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site.
... on the other hand, if you specify sameorigin, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.
... sameorigin the page can only be displayed in a frame on the same origin as the page itself.
...And 7 more matches

Appendix C: Avoiding using eval in Add-ons - Archive of obsolete content
such implementations are meant to be used within a very different security context, namely a website, where the origin of the data is usually known in all instances and where vulnerabilities would have a much smaller impact.
... alternative: replace + function.apply() you may replace the original function with a new function, keeping a reference to the original function which you then call from the new one.
...// this will encapsulate local variables such as _original and // not pollute the global namespace.
...And 6 more matches

Priority Content - Archive of obsolete content
note: use example at sample:original document information to credit original authors.
... book length works in progress: netscape gecko plugin api reference 1.0 original: netscape gecko plugin api reference 1.0 wiki location: gecko plugin api reference migrators: started: core javascript reference 1.5 original: core javascript reference 1.5 wiki location: core javascript 1.5 reference migrators: deb richardson in progress: transforming xml: netscape and xslt 1.0 original: transforming xml: netscape and xslt 1.0 wiki location: transforming xml with xslt migrators: serge k.
... keller in progress: rapid application development with mozilla original: author's page and planned host, ben's temporary host wiki location: toc and links page still under construction.
...And 6 more matches

nsIJSON
return value the original javascript object, reconstructed from the json string.
... return value the original javascript object, reconstructed from the json string.
... return value a jsobject which is the original javascript object, reconstructed from the json string.
...And 6 more matches

nsIProtocolHandler
inherits from: nsisupports last changed in gecko 2.0 (firefox 4 / thunderbird 3.3 / seamonkey 2.1) method overview boolean allowport(in long port, in string scheme); nsichannel newchannel(in nsiuri auri); nsiuri newuri(in autf8string aspec, in string aorigincharset, in nsiuri abaseuri); attributes attribute type description defaultport long the default port is the port the protocol uses by default.
... uri_forbids_automatic_document_replacement 1<<5 "automatic" loads that would replace the document (such as a meta refresh, certain types of xlinks, and other non-user-triggered loads) are not allowed if the originating uri has this protocol flag.
... uri_is_local_file 1<<9 uris for this protocol from other origins should only be allowed if those origins should have access to the local file system.
...And 6 more matches

Storage Inspector - Firefox Developer Tools
storage inspector user interface the storage inspector ui is split into three main components: storage tree table widget sidebar storage tree the storage tree lists all the storage types that the storage inspector can inspect: under each type, objects are organized by origin.
... for cookies, the protocol does not differentiate the origin.
... for indexed db or local storage an origin is a combination of protocol + hostname.
...And 6 more matches

Comparison of Event Targets - Web APIs
event.explicitoriginaltarget event.webidl if the event was retargeted for some reason other than an anonymous boundary crossing, this will be set to the target before the retargeting occurs.
... for example, mouse events are retargeted to their parent node when they happen over text nodes (bug 185889), and in that case .target will show the parent and .explicitoriginaltarget will show the text node.
... unlike .originaltarget, .explicitoriginaltarget will never contain anonymous content.
...And 6 more matches

Basic concepts - Web APIs
like most web storage solutions, indexeddb follows a same-origin policy.
... indexeddb adheres to a same-origin policy.
... an origin is the domain, application layer protocol, and port of a url of the document where the script is being executed.
...And 6 more matches

Introducing the CSS Cascade - CSS: Cascading Style Sheets
the cascade is an algorithm that defines how to combine property values originating from different sources.
... origin of css declarations the css cascade algorithm's job is to select css declarations in order to determine the correct values for css properties.
... css declarations originate from different origins: the user-agent stylesheets, the author stylesheets, and the user stylesheets.
...And 6 more matches

Feature-Policy: unsized-media - HTTP
syntax feature-policy: unsized-media <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 6 more matches

Feature-Policy - HTTP
<allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 6 more matches

Drawing graphics - Learn web development
graphics on the web as we talked about in our html multimedia and embedding module, the web was originally just text, which was very boring, so images were introduced — first via the <img> element and later via css properties such as background-image, and svg.
... the below example shows a simple 2d canvas-based bouncing balls animation that we originally met in our introducing javascript objects module: around 2006–2007, mozilla started work on an experimental 3d canvas implementation.
... parameters 4 and 5 define the width and height of the area we want to cut out from the original image we loaded.
...And 5 more matches

nss tech note5
ernal slot, may not be optimal */ prepare the key if using a raw key /* turn the raw key into a secitem */ secitem keyitem; keyitem.data = /* ptr to an array of key bytes */ keyitem.len = /* length of the array of key bytes */ /* turn the secitem into a key object */ pk11symkey* symkey = pk11_importsymkey(slot, ciphermech, pk11_originunwrap, cka_encrypt, &keyitem, null); if generating the key - see section generate a symmetric key <big>prepare the parameter for crypto context.
...s int slot, may not be optimal */ prepare the key if using a raw key /* turn the raw key into a secitem */ secitem keyitem; keyitem.data = /* ptr to an array of key bytes */ keyitem.len = /* length of the array of key bytes */ /* turn the secitem into a key object */ pk11symkey* symkey = pk11_importsymkey(slot, digestmech, pk11_originunwrap, cka_digest, &keyitem, null); if generating the key - see section generate a symmetric key.
...*/ prepare the key if using a raw key /* turn the raw key into a secitem */ secitem keyitem; keyitem.type = sibuffer; keyitem.data = /* ptr to an array of key bytes */ keyitem.len = /* length of the array of key bytes */ /* turn the secitem into a key object */ pk11symkey* symkey = pk11_importsymkey(slot, hmacmech, pk11_originunwrap, cka_sign, &keyitem, null); if generating the key - see section generate a symmetric key.
...And 5 more matches

Index
the result is structured cloned back to the original context, unless it is native (for example, if it returns a dom node, this is not structured cloned, because the original context will see that through an xraywrapper already), so it's guaranteed to behave predictably.
...for example, privileged code using an xray to a dom object sees only the original, native version of the dom object.
...they differ in their respective origin: 165 iaccessibleeditabletext interfaces, xpcom, xpcom interface reference this interface is typically used in conjunction with the iaccessibletext interface and complements that interface with the additional capability of clipboard operations.
...And 5 more matches

Components.utils.Sandbox
system principal to specify the system principal, you can create it using code like: cc["@mozilla.org/systemprincipal;1"].createinstance(ci.nsiprincipal); content principal you can specify a content principal for a particular origin in one of three ways: as an nsiprincipal, for example by using the nodeprincipal property of a dom node as an nsidomwindow, such as that returned by the dom window property as a string uri like "http://www.example.com/" (discouraged) when possible, specify a window or an nsiprincipal object instead of using a string uri.
... window objects and nsiprincipal carry additional information such as origin attributes and same-origin privilege changes caused by setting document.domain.
... wantxrays a boolean value indicating whether the sandbox wants xray vision with respect to same-origin objects outside the sandbox.
...And 5 more matches

Components.utils.exportFunction
allowcrossoriginarguments: do not check that arguments to the exported function are subsumed by the caller: this allows the caller to pass objects with a different origin into the exported function, which can then use its privileged status to make cross-origin requests with them.
... modifying the argument while cloning creates a copy of an object, an xray for an object refers to the original, so any changes to the argument that are made in the exported function will affect the original object that was passed in: // privileged scope: for example, a content script function changemyname(user) { user.name = "bill"; } exportfunction(changemyname, contentwindow, { defineas: "changemyname" }); // less-privileged scope: for example, a page script var user = {name: "jim"}; var te...
...st = document.getelementbyid("test"); test.addeventlistener("click", function() { console.log(user.name); // "jim" window.changemyname(user); console.log(user.name); // "bill" }, false); note that this is subject to the normal rules of xrays: for example, an expando property added to a dom node will not be visible in the original object.
...And 5 more matches

nsIHttpChannel
inherits from: nsichannel last changed in gecko 1.3 to create an http channel, use nsiioservice with a http uri, for example: var ios = components.classes["@mozilla.org/network/io-service;1"] .getservice(components.interfaces.nsiioservice); var ch = ios.newchannel("https://www.example.com/", null, null); method overview void getoriginalresponseheader(in acstring aheader, in nsihttpheadervisitor avisitor); acstring getrequestheader(in acstring aheader); acstring getresponseheader(in acstring header); boolean isnocacheresponse(); boolean isnostoreresponse(); void redirectto(in nsiuri anewuri); void setemptyrequestheader(in acstring aheader); void setreferrerwithpo...
...licy(in nsiuri referrer, in unsigned long referrerpolicy); void setrequestheader(in acstring aheader, in acstring avalue, in boolean amerge); void setresponseheader(in acstring header, in acstring value, in boolean merge); void visitoriginalresponseheaders(in nsihttpheadervisitor avisitor); void visitrequestheaders(in nsihttpheadervisitor avisitor); void visitresponseheaders(in nsihttpheadervisitor avisitor); constants constant description referrer_policy_no_referrer_when_downgrade default; indicates not to pass on the referrer when downgrading from https to http referrer_policy_no_referrer indicates no referrer will be sent referrer_policy_origin only send the origin of the referring uri ...
... referrer_policy_origin_when_xorigin same as the default; only send the origin of the referring uri for cross-origin requests referrer_policy_unsafe_url always send the referrer, even when downgrading from https to http attributes attribute type description allowpipelining boolean this attribute is a hint to the channel to indicate whether or not the underlying http transaction should be allowed to be pipelined with other transactions.
...And 5 more matches

nsIIOService
1"] .getservice(components.interfaces.nsiioservice); method overview boolean allowport(in long aport, in string ascheme); acstring extractscheme(in autf8string urlstring); unsigned long getprotocolflags(in string ascheme); nsiprotocolhandler getprotocolhandler(in string ascheme); nsichannel newchannel(in autf8string aspec, in string aorigincharset, in nsiuri abaseuri); obsolete since gecko 48 nsichannel newchannel2(in autf8string aspec, in string aorigincharset, in nsiuri abaseuri, in nsidomnode aloadingnode, in nsiprincipal aloadingprincipal, in nsiprincipal atriggeringprincipal, in uint32_t asecurityflags, in uint32_t acontentpolicytype); nsichannel newchannelfromuri(in nsiuri auri); obsolete since gecko 48 ...
...loadinfo aloadinfo); nsichannel newchannelfromuriwithproxyflags2(in nsiuri auri, in nsiuri aproxyuri, in uint32_t aproxyflags,in nsidomnode aloadingnode, in nsiprincipal aloadingprincipal, in nsiprincipal atriggeringprincipal, in uint32_t asecurityflags, in uint32_t acontentpolicytype); nsiuri newfileuri(in nsifile afile); nsiuri newuri(in autf8string aspec, in string aorigincharset, in nsiuri abaseuri); attributes attribute type description offline boolean returns true if networking is in "offline" mode.
... nsichannel newchannel( in autf8string aspec, in string aorigincharset, in nsiuri abaseuri ); parameters aspec the spec for the desired uri.
...And 5 more matches

Index - Firefox Developer Tools
for each resource, you'll see: 107 cookies cookies, dev tools, firefox, guide, storage, storage inspector, tools, l10n:priority when you select an origin inside the cookies storage type from the storage tree, all the cookies present for that origin will be listed in a table.
...this table contains the following columns: 109 indexeddb dev tools, firefox, guide, indexeddb, storage, storage inspector, tools, l10n:priority when you select an origin inside the indexed db storage type in the storage tree of the storage inspector, a table lists the details of all the databases present for that origin.
... 110 local storage / session storage dev tools, firefox, guide, local storage, session storage, storage, storage inspector, tools, l10n:priority when an origin corresponding to local storage or session storage is selected within the storage inspector, the names and values of all the items corresponding to local storage or session storage will be listed in a table.
...And 5 more matches

Style Editor - Firefox Developer Tools
the style editor automatically de-minimizes style sheets that it detects, without affecting the original.
...so you'd need to edit the generated css, then manually work out how to reapply that to the original source.
... source maps enable the tools to map back from the generated css to the original syntax, so they can display, and allow you to edit, files in the original syntax.
...And 5 more matches

Using Fetch - Web APIs
the spec changed the default credentials policy to same-origin.
... mode: 'cors', // no-cors, *cors, same-origin cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached credentials: 'same-origin', // include, *same-origin, omit headers: { 'content-type': 'application/json' // 'content-type': 'application/x-www-form-urlencoded', }, redirect: 'follow', // manual, *follow, error referrerpolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade,...
... origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url body: json.stringify(data) // body data type must match "content-type" header }); return response.json(); // parses json response into native javascript objects } postdata('https://example.com/answer', { answer: 42 }) .then(data => { console.log(data); // json data parsed by `data.json()` call }); note that mode: "no-cors" only allows a limited set of headers in the request: accept accept-language content-language content-type with a value of application/x-www-form-urlencoded, multipart/form-data, or text/plain sending a request with credentials included to cause browsers to send a request with credentials included, even for a cross-origin call, add credentials: ...
...And 5 more matches

Window.open() - Web APIs
the returned reference can be used to access properties and methods of the new window as long as it complies with same-origin policy security requirements.
... tip: for accessibility reasons, it is strongly encouraged to set this feature always on window functionality features noopener if this feature is set, the newly-opened window will open as normal, except that it will not have access back to the originating window (via window.opener — it returns null).
... in addition, the window.open() call will also return null, so the originating window will not have access to the new one either.
...And 5 more matches

WebKit CSS extensions - CSS: Cascading Style Sheets
image-source -webkit-mask-box-image-width -webkit-mask-box-image -webkit-mask-repeat-x -webkit-mask-repeat-y -webkit-mask-source-type -webkit-max-logical-height -webkit-max-logical-width -webkit-min-logical-height -webkit-min-logical-width n -webkit-nbsp-mode p -webkit-padding-after** -webkit-padding-before** -webkit-padding-end** -webkit-padding-start** -webkit-perspective-origin-x -webkit-perspective-origin-y -webkit-print-color-adjust r-s -webkit-rtl-ordering -webkit-svg-shadow t -webkit-tap-highlight-color -webkit-text-combine -webkit-text-decoration-skip -webkit-text-decorations-in-effect -webkit-text-fill-color -webkit-text-security -webkit-text-stroke-color -webkit-text-stroke-width -webkit-text-stroke -webkit-text-zoom -webkit-transform-origi...
...n-x -webkit-transform-origin-y -webkit-transform-origin-z u -webkit-user-drag -webkit-user-modify * a few are on the standards, unprefixed track ** new syntax has been standardized.
... -webkit-align-content -webkit-align-items -webkit-align-self -webkit-animation -webkit-animation-delay -webkit-animation-direction -webkit-animation-duration -webkit-animation-fill-mode -webkit-animation-iteration-count -webkit-animation-name -webkit-animation-play-state -webkit-animation-timing-function b -webkit-backface-visibility -webkit-background-clip -webkit-background-origin -webkit-background-size -webkit-border-bottom-left-radius -webkit-border-bottom-right-radius -webkit-border-image -webkit-border-radius -webkit-border-top-left-radius -webkit-border-top-right-radius -webkit-box-decoration-break -webkit-box-shadow -webkit-box-sizing c -webkit-clip-path -webkit-column-count -webkit-column-fill -webkit-column-gap -webkit-column-rule -webkit-colum...
...And 5 more matches

background-size - CSS: Cascading Style Sheets
the background positioning area is determined by the value of background-origin (by default, the padding box).
...afariandroid webviewchrome for androidfirefox for androidopera for androidsafari on iossamsung internetbackground-sizechrome full support 3 full support 3 full support 1prefixed notes prefixed implemented with the vendor prefix: -webkit-notes webkit-based browsers originally implemented an older draft of css3 background-size in which an omitted second value is treated as duplicating the first value; this draft does not include the contain or cover keywords.edge full support 12firefox full support 4 full support 4 f...
...xed prefixed implemented with the vendor prefix: -moz-ie full support 9opera full support 10 full support 10 full support 15prefixed notes prefixed implemented with the vendor prefix: -webkit-notes webkit-based browsers originally implemented an older draft of css3 background-size in which an omitted second value is treated as duplicating the first value; this draft does not include the contain or cover keywords.
...And 5 more matches

background - CSS: Cascading Style Sheets
the background shorthand css property sets all background style properties at once, such as color, image, origin and size, or repeat method.
... constituent properties this property is a shorthand for the following css properties: background-attachment background-clip background-color background-image background-origin background-position background-repeat background-size syntax /* using a <background-color> */ background: green; /* using a <bg-image> and <repeat-style> */ background: url("test.jpg") repeat-y; /* using a <box> and <background-color> */ background: border-box red; /* a single image, centered and scaled */ background: no-repeat center/80% url("../img/image.png"); the background propert...
...if included once, it sets both background-origin and background-clip.
...And 5 more matches

HTML attribute: rel - HTML: Hypertext Markup Language
link not allowed not allowed dns-prefetch tells the browser to preemptively perform dns resolution for the target resource's origin external resource not allowed not allowed external referenced document is not part of the same site as the current document.
... link link link nofollow indicates that the current document's original author or publisher does not endorse the referenced document.
... external resource not allowed not allowed preconnect specifies that the user agent should preemptively connect to the target resource's origin.
...And 5 more matches

<audio>: The Embed Audio element - HTML: Hypertext Markup Language
crossorigin this enumerated attribute indicates whether to use cors to fetch the related audio file.
...the allowed values are: anonymous sends a cross-origin request without a credential.
... in other words, it sends the origin: http header without a cookie, x.509 certificate, or performing http basic authentication.
...And 5 more matches

Standard metadata names - HTML: Hypertext Markup Language
origin send the origin of the document.
... origin-when-cross-origin send the full url (stripped of parameters) for same-origin requests, but only send the origin for other cases.
... same-origin send the full url (stripped of parameters) for same-origin requests.
...And 5 more matches

<video>: The Video Embed element - HTML: Hypertext Markup Language
crossorigin this enumerated attribute indicates whether to use cors to fetch the related image.
...the allowed values are: anonymous sends a cross-origin request without a credential.
... in other words, it sends the origin: http header without a cookie, x.509 certificate, or performing http basic authentication.
...And 5 more matches

Using HTTP cookies - HTTP
if unspecified, it defaults to the same origin that set the cookie, excluding subdomains.
... for example, if path=/docs is set, these paths match: /docs /docs/web/ /docs/web/http samesite attribute the samesite attribute lets servers require that a cookie shouldn't be sent with cross-origin requests (where site is defined by the registrable domain), which provides some protection against cross-site request forgery attacks (csrf).
...with strict, the cookie is sent only to the same site as the one that originated it; lax is similar, with an exception for when the user navigates to a url from an external site, such as by following a link; none has no restrictions on cross-site requests.
...And 5 more matches

Feature-Policy: accelerometer - HTTP
syntax feature-policy: accelerometer <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: ambient-light-sensor - HTTP
syntax feature-policy: ambient-light-sensor <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: autoplay - HTTP
syntax feature-policy: autoplay <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: battery - HTTP
syntax feature-policy: battery <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: camera - HTTP
syntax feature-policy: camera <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: display-capture - HTTP
syntax feature-policy: display-capture <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: document-domain - HTTP
syntax feature-policy: document-domain <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: encrypted-media - HTTP
syntax feature-policy: encrypted-media <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: gyroscope - HTTP
syntax feature-policy: gyroscope <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: layout-animations - HTTP
syntax feature-policy: layout-animations <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: legacy-image-formats - HTTP
syntax feature-policy: legacy-image-formats <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: magnetometer - HTTP
syntax feature-policy: magnetometer <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: microphone - HTTP
syntax feature-policy: microphone <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: midi - HTTP
syntax feature-policy: midi <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: oversized-images - HTTP
syntax feature-policy: oversized-images <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: payment - HTTP
syntax feature-policy: payment <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: picture-in-picture - HTTP
syntax feature-policy: picture-in-picture <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: publickey-credentials-get - HTTP
syntax feature-policy: publickey-credentials-get <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: screen-wake-lock - HTTP
syntax feature-policy: screen-wake-lock <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: sync-xhr - HTTP
syntax feature-policy: sync-xhr <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: unoptimized-images - HTTP
syntax feature-policy: unoptimized-images <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: usb - HTTP
syntax feature-policy: usb <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: vibrate - HTTP
syntax feature-policy: vibrate <allowlist>; <vibrate> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: wake-lock - HTTP
syntax feature-policy: wake-lock <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

web-share - HTTP
syntax feature-policy: web-share <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Feature-Policy: xr-spatial-tracking - HTTP
syntax feature-policy: xr-spatial-tracking <allowlist>; <allowlist> an allowlist is a list of origins that takes one or more of the following values, separated by spaces: *: the feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
... 'self': the feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
... 'src': (in an iframe allow attribute only) the feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the url in the iframe's src attribute.
...And 5 more matches

Digital audio concepts - Web media technologies
by chaining all the samples together, you can approximately represent the original wave, as seen in the diagram below.
... when it comes time to play back that sound later, these amplitudes are used to generate an approximation of the original waveform; instead of playing back an exact duplicate of the original, smooth wave, the rougher, blue wave is played.
... the more often you take samples of the original audio, the closer to the original you can get.
...And 5 more matches

Inner-browsing extending the browser navigation paradigm - Archive of obsolete content
despite all the evolution, we still see the underpinnings of the original model in modern web sites.
...another approach is to request an html page in the iframe and inside this page (requested data), set the onload event to callback a function notifying the parent document (originator).
... iframe as a result of a request (retrievedata method requested the html file in to be loaded in the iframe): <body onload="top.iframecallback(document);" > <mydata> this is the content that comes from the server </mydata> </body> note that when the page is loaded into the iframe, the onload event is fired and the parent.iframecallback function is called in the context of the parent document (the originator).
...And 4 more matches

Source code directories overview - Archive of obsolete content
this code originated in the mozilla classic code base.
...this code originated at uc berkeley.
...this code originated as the reference implementation for the jpeg specification from the independent jpeg group.
...And 4 more matches

Space Manager Detailed Design - Archive of obsolete content
the space manager * defines a coordinate space with an origin at (0, 0) that grows down * and to the right.
... */ nsiframe* getframe() const { return mframe; } /** * translate the current origin by the specified (dx, dy).
... * * the local coordinate space origin, the y-offset, and the max size * describe a rectangle that's used to clip the underlying band of * available space, i.e.
...And 4 more matches

Table Cellmap - Archive of obsolete content
83 union { 84 nstablecellframe* morigcell; 85 long mbits; 86 }; the idea behind this construction is a entry in the cellmap can be either the origin of a row- or colspan (a cell cell without a defined row- or colspan attribute assumes 1 as a default value), or a entry which is only covered by a row- or colspan.
... entries which are a origin have a direct corresponding tablecellframe.
... <table> <tr><td>cell 1</td><td colspan="2">cell 2</td></tr> <tr><td>cell 3</td><td>cell 4</td><td>cell 5</td></tr> </table> table cell map would be: row 0 : c0,0 c0,1 c row 1 : c1,0 c1,1 c1,2 while it is clear that in the cells that are the origin of a table cells one will find a address the more interesting question is, what will be the content in the upper right cell.
...And 4 more matches

The Joy of XUL - Archive of obsolete content
but overlays can also be specified externally, enabling the designer to superimpose them upon an application without changing the original source.
...the netscape public license (npl) and mozilla public license (mpl) require developers who alter original work (source code files that are provided with mozilla) to release the source code for these changes to their customers.
... overlays can be used to add features to mozilla without contaminating the original open source code with proprietary alterations.
...And 4 more matches

JSErrorReport
ismuted bool the web platform allows scripts to be loaded from arbitrary cross-origin sources.
... this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
... to counter this attack, html5 specifies that script errors should be sanitized ("muted") when the script is not same-origin with the global for which it is loaded.
...And 4 more matches

Using the Debugger map scopes feature - Firefox Developer Tools
it enables you to see the variables from the original source.
... when you click the increment button on the page and hit the breakpoint, an additional section is added to the right-hand panel below the call stack to display variables mapped from the original scope, like this: as useful as this is, it would be even nicer if you could view the original code (before it was packages into the "bundle.js" file.
... right-click on the source code and the context menu now includes an option to jump to original location as shown below.
...And 4 more matches

Cache - Web APIs
an origin can have multiple, named cache objects.
...each browser has a hard limit on the amount of cache storage that a given origin can use.
...the browser does its best to manage disk space, but it may delete the cache storage for an origin.
...And 4 more matches

DOMHighResTimeStamp - Web APIs
the starting time can be either a specific time determined by the script for a site or app, or the time origin.
... the time origin the time origin is a standard time which is considered to be the beginning of the current document's lifetime.
... it's calculated like this: if the script's global object is a window, the time origin is determined as follows: if the current document is the first one loaded in the window, the time origin is the time at which the browser context was created.
...And 4 more matches

HTMLIFrameElement.referrerPolicy - Web APIs
origin only send the origin of the document as the referrer in all cases.
... origin-when-cross-origin send a full url when performing a same-origin request, but only send the origin of the document for other cases.
... same-origin a referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information.
...And 4 more matches

HTMLScriptElement.referrerPolicy - Web APIs
origin only send the origin of the document as the referrer in all cases.
... origin-when-cross-origin send a full url when performing a same-origin request, but only send the origin of the document for other cases.
... same-origin a referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information.
...And 4 more matches

Using readable streams - Web APIs
as our simple stream pump example shows (see it live also), exposing it is a matter of just accessing the body property of the response: // fetch the original image fetch('./tortoise.png') // retrieve its body as readablestream .then(response => response.body) this provides us with a readablestream object.
...this is done using the readablestream.getreader() method: // fetch the original image fetch('./tortoise.png') // retrieve its body as readablestream .then(response => response.body) .then(body => { const reader = body.getreader(); invoking this method creates a reader and locks it to the stream — no other reader may read this stream until this reader is released, e.g.
... also note that the previous example can be reduced by one step, as response.body is synchronous and so doesn't need the promise: // fetch the original image fetch('./tortoise.png') // retrieve its body as readablestream .then(response => { const reader = response.body.getreader(); reading the stream now you’ve got your reader attached, you can read data chunks out of the stream using the readablestreamdefaultreader.read() method.
...And 4 more matches

SubtleCrypto.unwrapKey() - Web APIs
the salt needs to be the same as the salt that was used to derive the original aes-kw key wrapping key.
...this must match the salt value that was originally used to derive the key.
... // the salt must match the salt originally used to derive the key.
...And 4 more matches

Matrix math for the web - Web APIs
this is a special transformation matrix which functions much like the number 1 does in scalar multiplication; just like n * 1 = n, multiplying any matrix by the identity matrix gives a resulting matrix whose values match the original matrix.
...using the identity matrix it should return a matrix identical to the original, since a matrix multiplied by the identity matrix is always equal to itself: // sets identityresult to [4,3,2,1] let identityresult = multiplymatrixandpoint(identitymatrix, [4, 3, 2, 1]); returning the same point is not very useful, but there are other types of matrices that can perform helpful operations on points.
... first, here's code that rotates a point around the origin without using matrices.
...And 4 more matches

Using bounded reference spaces - Web APIs
therefore, the bounded reference space's origin always places the y=0 plane at floor level.
... note that if the underlying platform defines a fixed room-scale origin and boundary, it may initialize any uninitialized values to match that predefined information; this is not unexpected behavior for users of these platforms.
...although the user's xr system may provide automated detection and protection against exiting the safe area, it is always good practice to handle this yourself, watching for collisions between the user's position and the boundary of the world, and providing guidance to move back toward the origin point, or at least to stay inside the safe zone.
...And 4 more matches

Feature Policy - HTTP
concepts and usage feature policy allows you to control which origins can use which features, both in the top-level page and in embedded frames.
... essentially, you write a policy, which is an allowed list of origins for each feature.
... for every feature controlled by feature policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins.
...And 4 more matches

Set-Cookie - HTTP
samesite=<samesite-value> optional strict: the browser sends the cookie only for same-site requests (that is, requests originating from the same site that set the cookie).
... if the request originated from a different url than the current one, no cookies with the samesite=strict attribute are sent.
... asserts that a cookie must not be sent with cross-origin requests, providing some protection against cross-site request forgery attacks (csrf).
...And 4 more matches

Using dns-prefetch - Web Performance
when a browser requests a resource from a (third party) server, that cross-origin’s domain name must be resolved to an ip address before the browser can issue the request.
...the cross-origin domain is then specified in the href attribute: syntax <link rel="dns-prefetch" href="https://fonts.gstatic.com/" > examples <html> <head> <link rel="dns-prefetch" href="https://fonts.gstatic.com/"> <!-- and all other head elements --> </head> <body> <!-- your page content --> </body> </html> you should place dns-prefetch hints in the <head> element any time your site re...
...ferences resources on cross-origin domains, but there are some things to keep in mind.
...And 4 more matches

SVG documentation index - SVG: Scalable Vector Graphics
19 accent-height deprecated, needsexample, svg, svg attribute the accent-height attribute defines the distance from the origin to the top of accent characters, measured by a distance within the font coordinate system.
... 102 horiz-origin-x deprecated, svg, svg attribute the horiz-origin-x attribute indicates the x-coordinate in the font coordinate system of the origin of a glyph to be used when drawing horizontally oriented text.
... 103 horiz-origin-y deprecated, svg, svg attribute the horiz-origin-y attribute indicates the y-coordinate in the font coordinate system of the origin of a glyph to be used when drawing horizontally oriented text.
...And 4 more matches

lang/functional - Archive of obsolete content
when the method is invoked on an instance of the object, the original function is called.
...calling the wrapped version will call the original function during the next event loop.
... wrap(fn, wrapper) returns the first function passed as an argument to the second, allowing you to adjust arguments, run code before and after, and conditionally execute the original function.
...And 3 more matches

Creating custom Firefox extensions with the Mozilla build system - Archive of obsolete content
i can't even remember why anymore, but i got stuck in a number of places, and the whole affair ended up taking far longer than i originally expected.
...the makefiles in the base/ and advanced/ directories should look more or less like your original root makefile, remembering to change the depth variable to account for the fact that they've moved a level further away from the mozilla root.
...so there will be two files that look like myextension.cpp in the original example, say base.cpp and advanced.cpp.
...And 3 more matches

Mozilla Crypto FAQ - Archive of obsolete content
in february 2000 iplanet e-commerce solutions (a sun-netscape alliance) released source code through mozilla.org for the personal security manager and network security services software; this source code included support for the ssl protocol, but due to the rsa patent and related legal issues it did not originally contain code for rsa or other cryptographic algorithms.
...also see the original sun-netscape alliance press release on the release of pki source code and the corresponding mozilla.org press release.
...if you create and distribute modifications to the original psm and nss code, we ask that you in turn make such modifications available under both the mpl and gpl.
...And 3 more matches

nsIContentPolicy - Archive of obsolete content
method overview short shouldload(in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetypeguess, in nsisupports aextra, in nsiprincipal arequestprincipal); short shouldprocess(in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetype, in nsisupports aextra, in nsiprincipal arequestprincipal); constants content types constant value de...
... reject_server -3 returned from shouldload() or shouldprocess() if the load/process is rejected based on the server it is hosted on or requested from (acontentlocation or arequestorigin), e.g., if you block an image because it is served from goatse.cx (even if you don't necessarily block other types from that server/domain).
... short shouldload( in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetypeguess, in nsisupports aextra, in nsiprincipal arequestprincipal ); parameters acontenttype the type of content being tested.
...And 3 more matches

Advanced styling effects - Learn web development
adding: 10px; background-color: red; background-image: linear-gradient(to bottom, rgba(0,0,0,0), rgba(0,0,0,0.25)); } .simple { box-shadow: 5px 5px 5px rgba(0,0,0,0.7); } this gives us the following result: you'll see that we've got four items in the box-shadow property value: the first length value is the horizontal offset — the distance to the right the shadow is offset from the original box (or left, if the value is negative).
... the second length value is the vertical offset — the distance downwards that the shadow is offset from the original box (or upwards, if the value is negative).
...if set, this causes the shadow to become bigger than the original box.
...And 3 more matches

Basic native form controls - Learn web development
in this particular article we will look at the original set of form controls, available in all browsers since the early days of the web.
... objective: to understand in detail the original set of native form widgets available in browsers for collecting data, and how to implement them using html.
... note: html5 enhanced the basic original single line text field by adding special values for the type attribute that enforce specific validation constraints and other features, for example specific to entering urls or numbers.
...And 3 more matches

UI pseudo-classes - Learn web development
the original pseudo-classes available to us (as of css 2.1) that are relevant to forms are: :hover: selects an element only when it is being hovered over by a mouse pointer.
...for example, in our custom radio buttons example, we use generated content to handle the placement and animation of the inner circle when a radio button is selected: input[type="radio"]::before { display: block; content: " "; width: 10px; height: 10px; border-radius: 6px; background-color: red; font-size: 1.2em; transform: translate(3px, 3px) scale(0); transform-origin: center; transition: all 0.3s ease-in; } input[type="radio"]:checked::before { transform: translate(3px, 3px) scale(1); transition: all 0.3s cubic-bezier(0.25, 0.25, 0.56, 2); } this is really useful — screenreaders already let their users know when a radio button or checkbox they encounter is checked/selected, so you don't want them to read out another dom element that indicates select...
... as a recap, the :checked code from our styled radio buttons example looks like so: input[type="radio"]::before { display: block; content: " "; width: 10px; height: 10px; border-radius: 6px; background-color: red; font-size: 1.2em; transform: translate(3px, 3px) scale(0); transform-origin: center; transition: all 0.3s ease-in; } input[type="radio"]:checked::before { transform: translate(3px, 3px) scale(1); transition: all 0.3s cubic-bezier(0.25, 0.25, 0.56, 2); } you can try it out here: basically, we build the styling for the radio button "inner circle" using the ::before pseudo element, but set a scale(0) transform on it.
...And 3 more matches

Client-side storage - Learn web development
a service worker is a javascript file that, simply put, is registered against a particular origin (web site, or part of a web site at a certain domain) when it is accessed by a browser.
... when registered, it can control pages available at that origin.
... it does this by sitting between a loaded page and the network and intercepting network requests aimed at that origin.
...And 3 more matches

JS::CompileOptions
the web platform allows scripts to be loaded from arbitrary cross-origin sources.
... this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
... to counter this attack, html5 specifies that script errors should be sanitized ("muted") when the script is not same-origin with the global for which it is loaded.
...And 3 more matches

nsIDOMClientRect
1.0 66 introduced gecko 1.9 inherits from: nsisupports last changed in gecko 1.9.1 (firefox 3.5 / thunderbird 3.0 / seamonkey 2.0) attributes attribute type description bottom float y-coordinate, relative to the viewport origin, of the bottom of the rectangle box.
... left float x-coordinate, relative to the viewport origin, of the left of the rectangle box.
... right float x-coordinate, relative to the viewport origin, of the right of the rectangle box.
...And 3 more matches

nsIPrincipal
origin string the origin of this principal's codebase uri.
... an origin is defined as: scheme + host + port.
..._granted 4 methods native code only!canenablecapability short canenablecapability( in string capability ); parameters capability missing description return value missing description exceptions thrown missing exception missing description checkmayload() checks whether this principal is allowed to load the network resource located at the given uri under the same-origin policy.
...And 3 more matches

Drawing and Event Handling - Plugins
note: when a plug-in is drawn to a window, the plug-in is responsible for preserving state information and ensuring that the original state is restored.
... the cliprect field defines the clipping rectangle of the plug-in in a coordinate system where the origin is the top-left corner of the drawable or window.
...the plug-in can use these coordinates to call setorigin(portx, porty) to place the upper-left corner of its rectangle at (0,0).
...And 3 more matches

MediaDevices.getUserMedia() - Web APIs
only a window's top-level document context for a valid origin can even request permission to use getusermedia(), unless the top-level context expressly grants permission for a given <iframe> to do so using feature policy.
...the originally-designed security mechanism is in the process of being replaced with feature policy, so various browsers have different levels of security support, using different mechanisms.
... for example, this line in the http headers will enable use of a camera for the document and any embedded <iframe> elements that are loaded from the same origin: feature-policy: camera 'self' this will request access to the microphone for the current origin and the specific origin https://developer.mozilla.org: feature-policy: microphone 'self' https://developer.mozilla.org if you're using getusermedia() within an <iframe>, you can request permission just for that frame, which is clearly more secure than requesting a more general permission.
...And 3 more matches

Using Web Workers - Web APIs
workers may, in turn, spawn new workers, as long as those workers are hosted within the same origin as the parent page.
...so-called sub-workers must be hosted within the same origin as the parent page.
...it accepts zero or more uris as parameters to resources to import; all of the following examples are valid: importscripts(); /* imports nothing */ importscripts('foo.js'); /* imports just "foo.js" */ importscripts('foo.js', 'bar.js'); /* imports two scripts */ importscripts('//example.com/hello.js'); /* you can import scripts from other origins */ the browser loads each listed script and executes it.
...And 3 more matches

transform-box - CSS: Cascading Style Sheets
the transform-box css property defines the layout box to which the transform and transform-origin properties relate.
...if a viewbox attribute is specified for the svg viewport creating element, the reference box is positioned at the origin of the coordinate system established by the viewbox attribute, and the dimension of the reference box is set to the width and height values of the viewbox attribute.
... formal definition initial valueview-boxapplies totransformable elementsinheritednocomputed valueas specifiedanimation typediscrete formal syntax content-box | border-box | fill-box | stroke-box | view-box examples svg transform-origin scoping in this example we have an svg: <svg id="svg" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 50 50"> <g> <circle id="center" fill="red" r="1" transform="translate(25 25)" /> <circle id="boxcenter" fill="blue" r=".5" transform="translate(15 15)" /> <rect id="box" x="10" y="10" width="10" height="10" rx="1" ry="1" stroke="black" fill="none" /> </g> </svg> in the css we have an animation that uses a transform to rotate the rectangle infinitely.
...And 3 more matches

CORS errors - HTTP
cross-origin resource sharing (cors) is a standard that allows a server to relax the same-origin policy.
... this is used to explicitly allow some cross-origin requests while rejecting others.
... if the cors configuration isn't setup correctly, the browser console will present an error like "cross-origin request blocked: the same origin policy disallows reading the remote resource at $somesite" indicating that the request was blocked due to violating the cors security rules.
...And 3 more matches

Clear-Site-Data - HTTP
it allows web developers to have more control over the data stored locally by a browser for their origins.
...the browser cache, see http caching) for the origin of the response url.
... "cookies" indicates that the server wishes to remove all cookies for the origin of the response url.
...And 3 more matches

CSP: referrer - HTTP
the http content-security-policy (csp) referrer directive used to specify information in the referer header (with a single r as this was a typo in the original spec) for links away from a page.
...the origin is sent as referrer to a-priori as-much-secure destination (https->https), but isn't sent to a less secure destination (https->http).
... "origin" only send the origin of the document as the referrer in all cases.
...And 3 more matches

Content-Security-Policy-Report-Only - HTTP
if the blocked uri is from a different origin than the document-uri, then the blocked uri is truncated to contain just the scheme, host, and port.
... original-policy the original policy as specified by the content-security-policy-report-only http header.
...stylesheets are only allowed to be loaded from cdn.example.com, yet the website tries to load one from its own origin (http://example.com).
...And 3 more matches

Regular expression syntax cheatsheet - JavaScript
character classes if you are looking to contribute to this document, please also edit the original article characters meaning .
... assertions if you are looking to contribute to this document, please also edit the original article boundary-type assertions characters meaning ^ matches the beginning of input.
... groups and ranges if you are looking to contribute to this document, please also edit the original article characters meaning x|y matches either "x" or "y".
...And 3 more matches

Array.prototype.concat() - JavaScript
the concat method does not alter this or any of the arrays provided as arguments but instead returns a shallow copy that contains copies of the same elements combined from the original arrays.
... elements of the original arrays are copied into the new array as follows: object references (and not the actual object): concat copies object references into the new array.
... both the original and new array refer to the same object.
...And 3 more matches

Array.prototype.slice() - JavaScript
the original array will not be modified.
... description slice does not alter the original array.
... it returns a shallow copy of elements from the original array.
...And 3 more matches

Function.prototype.bind() - JavaScript
description the bind() function creates a new bound function, which is an exotic function object (a term from ecmascript 2015) that wraps the original function object.
...pe = new fnop(); return fbound; }; })(); some of the many differences (there may well be others, as this list does not seriously attempt to be exhaustive) between this algorithm and the specified algorithm are: the partial implementation relies on array.prototype.slice(), array.prototype.concat(), function.prototype.call() and function.prototype.apply(), built-in methods to have their original values.
... the partial implementation creates bound functions whose name property is not derived from the original function name.
...And 3 more matches

String.prototype.split() - JavaScript
after splitting the string, the function logs messages indicating the original string (before the split), the separator used, the number of elements in the array, and the individual array elements.
... function splitstring(stringtosplit, separator) { const arrayofstrings = stringtosplit.split(separator) console.log('the original string is: ', stringtosplit) console.log('the separator is: ', separator) console.log('the array has ', arrayofstrings.length, ' elements: ', arrayofstrings.join(' / ')) } const tempeststring = 'oh brave new world that has such people in it.' const monthstring = 'jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec' const space = ' ' const comma = ',' splitstring(tempeststring, space) splitstring(tempeststring) splitstring(monthstring, comma) this example produces the following output: the original string is: "oh brave new world that has such people in it." the separator is: " " the array has 10 elements: oh / brave / new / world / that / has / such / peopl...
... the original string is: "oh brave new world that has such people in it." the separator is: "undefined" the array has 1 elements: oh brave new world that has such people in it.
...And 3 more matches

MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
its original inspiration comes from http://www.alain.knaff.lu/howto/mozillacustomization/ and http://mit.edu/~firefox/www/maintain...utoconfig.html.
... the use of the getldapattributes() function by calling inside itself the processldapvalues() as a user defined function (see prefcalls.js) forces us to slightly change these calls in our original web cgi javascript (here mci-mozilla-glob-prefs-tux.cgi).
...getldapattributes("ldap2.int-evry.fr", "ou=people,dc=int-evry,dc=fr", "uid=" +env_user, "uid,cn,mail"); } catch(e) { displayerror("lockedpref", e); } eop print $page; windows peculiarities without web base cgi file, beware that in windows, the original (before encoding) mozilla.js file must start with: //begin ce prefs , if not you'll get "failed to read configuration file..." message, and mozilla won't start :-( in windows environment variables like user or home, are username and homepath, that's why we must create a different pair of configuration files (cfg and cgi) for both systems (linux/windows).
...And 2 more matches

Styling the Amazing Netscape Fish Cam Page - Archive of obsolete content
the reason for the class value being card is that the original idea was to style each fish's description like a trading card.
... conclusion redesigning a classic is something like being asked to revisemoby dick for modern audiences: you're thrilled at the opportunity, but afraid of doing injustice to the original.
... i'd like to think that the final result was in keeping with the original spirit of the amazing netscape fish cam page while giving it a nice new css-driven look.
...And 2 more matches

CORS - MDN Web Docs Glossary: Definitions of Web-related terms
cors (cross-origin resource sharing) is a system, consisting of transmitting http headers, that determines whether browsers block frontend javascript code from accessing responses for cross-origin requests.
... the same-origin security policy forbids cross-origin access to resources.
... but cors gives web servers the ability to say they want to opt into allowing cross-origin access to their resources.
...And 2 more matches

Deployment and next steps - Learn web development
follow the steps listed under the push an existing folder heading: cd your_root_directory # go into your project's root directory git init git remote add origin https://gitlab.com/[your-user]/mdn-svelte-todo.git git add .
... git commit -m "initial commit" git push -u origin master note: you could use the git protocol instead of https, which is faster and saves you from typing your username and password every time you access your origin repo.
...your origin url will be like this: git@gitlab.com:[your-user]/mdn-svelte-todo.git.
...And 2 more matches

NetUtil.jsm
method overview nsiasyncstreamcopier asynccopy(nsiinputstream asource, nsioutputstream asink, [optional] acallback) void asyncfetch(asource, acallback) nsichannel newchannel(awhattoload, [optional] aorigincharset, [optional] nsiuri abaseuri) nsiuri newuri(atarget, [optional] aorigincharset, [optional] nsiuri abaseuri) string readinputstreamtostring(ainputstream, acount, aoptions) attributes attribute type description ioservice nsiioservice returns a reference to nsiioservice.
... nsichannel newchannel( awhattoload, [optional] aorigincharset, [optional] abaseuri ); parameters return value an nsichannel allowing access to the specified data source.
... aorigincharset the optional character set to use when interpreting awhattoload as a string; this is ignored if awhattoload is not a string.
...And 2 more matches

NSS tools : certutil
pmq+jzsdz3gz85ajt3krolwekvzzza2e2hnsvf2uxbk5amke lrxdserh9g85pv4ky7z8xz71nri3+k3uwmnqkc6t0hhyb1mw/gx8oaaoluqx3bix jbdxji73cf7xuopplhbjjiwygijuo8bezj5l+tf4p38mjz1snltzzpeax5bl0u76 bfu/tzfwbbe8yawytkctmcalbpj6jn2wd3m01kgozw4mmbvsj1crb9hnsgsqyhcu u0ujll1h/rwcjn607+ctekh9jlmuqciqpjnoa+kq/6f7nhnrriuzasibzc30bz5a ni7q5n1usm3ewqlvxw== -----end certificate----- listing keys keys are the original material used to encrypt certificate data.
... the --upgrade-merge command must give information about the original database and then use the standard arguments (like -d) to give the information about the new databases.
... the command also requires information that the tool uses for the process to upgrade and write over the original database.
...And 2 more matches

certutil
eeswpmq+jzsdz3gz85ajt3krolwekvzzza2e2hnsvf2uxbk5amke lrxdserh9g85pv4ky7z8xz71nri3+k3uwmnqkc6t0hhyb1mw/gx8oaaoluqx3bix jbdxji73cf7xuopplhbjjiwygijuo8bezj5l+tf4p38mjz1snltzzpeax5bl0u76 bfu/tzfwbbe8yawytkctmcalbpj6jn2wd3m01kgozw4mmbvsj1crb9hnsgsqyhcu u0ujll1h/rwcjn607+ctekh9jlmuqciqpjnoa+kq/6f7nhnrriuzasibzc30bz5a ni7q5n1usm3ewqlvxw== -----end certificate----- listing keys keys are the original material used to encrypt certificate data.
... the --upgrade-merge command must give information about the original database and then use the standard arguments (like -d) to give the information about the new databases.
... the command also requires information that the tool uses for the process to upgrade and write over the original database.
...And 2 more matches

Index
otherwise, it returns the original source code of the script.
... 279 js_getarrayprototype jsapi reference, spidermonkey js_getarrayprototype() retrieves the original array.prototype of a specified object, obj.
... 291 js_geterrorprototype jsapi reference, reference, référence(2), spidermonkey js_geterrorprototype returns the original value of error.prototype from the global object of the current compartment of cx.
...And 2 more matches

nsIDOMEvent
explicitoriginaltarget nsidomeventtarget the explicit original target of the event.
...for example, mouse events are retargeted to their parent node when they happen over text nodes (bug 185889), and in that case .target will show the parent and .explicitoriginaltarget will show the text node.
... .explicitoriginaltarget differs from .originaltarget in that it will never contain anonymous content.
...And 2 more matches

nsIStandardURL
to create an instance, use: var standardurl = components.classes["@mozilla.org/network/standard-url;1"] .createinstance(components.interfaces.nsistandardurl); method overview void init(in unsigned long aurltype, in long adefaultport, in autf8string aspec, in string aorigincharset, in nsiuri abaseuri); attributes attribute type description mutable boolean control whether or not this url can be modified.
...void init( in unsigned long aurltype, in long adefaultport, in autf8string aspec, in string aorigincharset, in nsiuri abaseuri ); parameters aurltype one of the constants listed above.
...aorigincharset the charset from which this uri string originated.
...And 2 more matches

nsIWebSocketChannel
to create an instance, use: var websocketchannel = components.classes["@mozilla.org/????????????????????????????"] .createinstance(components.interfaces.nsiwebsocketchannel); method overview void asyncopen(in nsiuri auri, in acstring aorigin, in nsiwebsocketlistener alistener, in nsisupports acontext); void close(in unsigned short acode, in autf8string areason); void sendbinarymsg(in acstring amsg); void sendmsg(in autf8string amsg); attributes attribute type description extensions acstring sec-websocket-extensions response header value.
... originaluri nsiuri the original uri used to construct the protocol connection.
... this is used in the case of a redirect or uri "resolution" (for example resolving a resource: uri to a file: uri) so that the original pre-redirect uri can still be obtained.
...And 2 more matches

Xray vision
any expandos are invisible, and if any properties of the object have been redefined, it sees the original implementation, not the redefined version.
... so in the example above, chrome code calling the content's window.confirm() would get the original version of confirm(), not the redefined version.
... the dual representation enables an elegant implementation of xrays: the xray just directly accesses the c++ representation of the original object, and doesn't go to the content's javascript reflection at all.
...And 2 more matches

Working with data
if the original value is already a cdata object, the original object is simply duplicated directly into the new one.
...this will also work: `ctypes.int.array()(jsarr)` mycarr.addressofelement(0).contents; // outputs: 4 mycarr.addressofelement(1).contents; // outputs: 10 type casting you can type cast data from one type to another by using the ctypes.cast() function: var newobj = ctypes.cast(origobj, newtype); this will return a new object whose data block is shared with the original object, but whose type is newtype.
... if the size of the new type is undefined or larger than the size of the original object's data block, typeerror is thrown.
...And 2 more matches

Scripting plugins - Plugins
security model the security model for making calls through this api is much like the general same-origin security model enforced by the browser.
... that means that a script from an origin other than the origin of the page that loaded the plugin is not able to access methods and properties on the plugin.
... the same thing applies the other way too; the plugin can reach only javascript objects in the same origin as the page that loaded the plugin.
...And 2 more matches

Use a source map - Firefox Developer Tools
the javascript sources executed by the browser are often transformed in some way from the original sources created by a developer.
... in these situations, it's much easier to debug the original source, rather than the source in the transformed state that the browser has downloaded.
... a source map is a file that maps from the transformed source to the original source, enabling the browser to reconstruct the original source and present the reconstructed original in the debugger.
...And 2 more matches

DOMMatrix - Web APIs
dommatrix.scalenonuniformself() modifies the matrix by applying the specified scaling on the x, y, and z axes, centered at the given origin.
...the default origin is (0, 0, 0).
... dommatrix.scaleself() modifies the matrix by applying the specified scaling factors, with the center located at the specified origin.
...And 2 more matches

Request() - Web APIs
note the following behavioural updates to retain security while making the constructor less likely to throw exceptions: if this object exists on another origin to the constructor call, the request.referrer is stripped out.
... if this object has a request.mode of navigate, the mode value is converted to same-origin.
... mode: the mode you want to use for the request, e.g., cors, no-cors, same-origin, or navigate.
...And 2 more matches

Request.cache - Web APIs
the "only-if-cached" mode can only be used if the request's mode is "same-origin".
... cached redirects will be followed if the request's redirect property is "follow" and the redirects do not violate the "same-origin" mode.
...// in reality; this would be a function that takes a path and a // reference to the controller since it would need to change the value let controller = new abortcontroller(); fetch("some.json", {cache: "only-if-cached", mode: "same-origin", signal: controller.signal}) .catch(e => e instanceof typeerror && e.message === "failed to fetch" ?
...And 2 more matches

Request.credentials - Web APIs
the credentials read-only property of the request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests.
... syntax var mycred = request.credentials; value a requestcredentials dictionary value indicating whether the user agent should send cookies from the other domain in the case of cross-origin requests.
... same-origin: send user credentials (cookies, basic http auth, etc..) if the url is on the same origin as the calling script.
...And 2 more matches

Request.mode - Web APIs
the mode read-only property of the request interface contains the mode of the request (e.g., cors, no-cors, same-origin, or navigate.) this is used to determine if cross-origin requests lead to valid responses, and which properties of the response are readable.
... the associated mode, available values of which are: same-origin — if a request is made to another origin with this mode set, the result is simply an error.
... you could use this to ensure that a request is always being made to your origin.
...And 2 more matches

SharedWorker() - Web APIs
this script must obey the same-origin policy.
... note: there is disagreement among browser manufacturers about whether a data uri is of the same origin or not.
...it must obey the same-origin policy.
...And 2 more matches

Window.sessionStorage - Web APIs
the read-only sessionstorage property accesses a session storage object for the current origin.
... syntax mystorage = window.sessionstorage; value a storage object which can be used to access the current origin's session storage space.
... exceptions securityerror the request violates a policy decision, or the origin is not a valid scheme/host/port tuple (this can happen if the origin uses the file: or data: scheme, for example).
...And 2 more matches

WindowOrWorkerGlobalScope.fetch() - Web APIs
note that the origin header is not set on fetch requests with a method of head or get.
... mode the mode you want to use for the request, e.g., cors, no-cors, or same-origin.
... credentials the request credentials you want to use for the request: omit, same-origin, or include.
...And 2 more matches

Worker() - Web APIs
this script must obey the same-origin policy.
... note: that there is a disagreement among browser manufacturers about whether a data uri is of the same origin or not.
...it must obey the same-origin policy.
...And 2 more matches

Using XMLHttpRequest - Web APIs
it starts with "xml" because when it was created the main format that was originally used for asynchronous data exchange were xml handling responses there are several types of response attributes defined by the living standard specification for the xmlhttprequest() constructor.
... cross-site xmlhttprequest modern browsers support cross-site requests by implementing the cross-origin resource sharing (cors) standard.
... as long as the server is configured to allow requests from your web application's origin, xmlhttprequest will work.
...And 2 more matches

XRPermissionDescriptor.optionalFeatures - Web APIs
xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
... for devices with six degrees of freedom (6dof) tracking, the local reference space tries to keep the origin stable relative to the environment.
... xrreferencespace unbounded a tracking space which allows the user total freedom of movement, possibly over extremely long distances from their origin point.
...And 2 more matches

XRPermissionDescriptor.requiredFeatures - Web APIs
xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
... for devices with six degrees of freedom (6dof) tracking, the local reference space tries to keep the origin stable relative to the environment.
... xrreferencespace unbounded a tracking space which allows the user total freedom of movement, possibly over extremely long distances from their origin point.
...And 2 more matches

XRPermissionStatus.granted - Web APIs
xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
... for devices with six degrees of freedom (6dof) tracking, the local reference space tries to keep the origin stable relative to the environment.
... xrreferencespace unbounded a tracking space which allows the user total freedom of movement, possibly over extremely long distances from their origin point.
...And 2 more matches

XRReferenceSpaceType - Web APIs
xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
... for devices with six degrees of freedom (6dof) tracking, the local reference space tries to keep the origin stable relative to the environment.
... xrreferencespace unbounded a tracking space which allows the user total freedom of movement, possibly over extremely long distances from their origin point.
...And 2 more matches

XRSession.requestReferenceSpace() - Web APIs
xrboundedreferencespace local a tracking space whose native origin is located near the viewer's position at the time the session was created.
... for devices with six degrees of freedom (6dof) tracking, the local reference space tries to keep the origin stable relative to the environment.
... xrreferencespace unbounded a tracking space which allows the user total freedom of movement, possibly over extremely long distances from their origin point.
...And 2 more matches

all - CSS: Cascading Style Sheets
it can set properties to their initial or inherited values, or to the values specified in another stylesheet origin.
... revert specifies behavior that depends on the stylesheet origin to which the declaration belongs: user-agent origin equivalent to unset.
... user origin rolls back the cascade to the user-agent level, so that the specified values are calculated as if no author-level or user-level rules were specified for the element.
...And 2 more matches

mask - CSS: Cascading Style Sheets
constituent properties this property is a shorthand for the following css properties: mask-clip mask-composite mask-image mask-mode mask-origin mask-position mask-repeat mask-size syntax /* keyword values */ mask: none; /* image values */ mask: url(mask.png); /* pixel image used as mask */ mask: url(masks.svg#star); /* element within svg graphic used as mask */ /* combined values */ mask: url(masks.svg#star) luminance; /* element within svg graphic used as luminance mask */ mask: url(ma...
... <geometry-box> if only one <geometry-box> value is given, it sets both mask-origin and mask-clip.
... if two <geometry-box> values are present, then the first sets mask-origin and the second sets mask-clip.
...And 2 more matches

<area> - HTML: Hypertext Markup Language
"no-referrer-when-downgrade" meaning that no referer: header will be sent when navigating to an origin without tls (https).
... "origin" meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port.
... "origin-when-cross-origin" meaning that navigations to other origins will be limited to the scheme, the host and the port, while navigations on the same origin will include the referrer's path.
...And 2 more matches

<nextid>: The NeXT ID element (Obsolete) - HTML: Hypertext Markup Language
as applicable for the head of this document> <nextid n="z20"> </head> <body> <a name="z0" href="#z4">first section heading</a> <a name="z1" href="#z5">second section heading</a> <a name="z8" href="#z14">newly inserted third section heading</a> <a name="z9" href="#z15">newly inserted fourth section heading</a> <a name="z2" href="#z6">original third (now fifth) section heading</a> <a name="z3" href="#z7">original fourth (now sixth) section heading</a> <a name="z10" href="#z16">seventh section heading</a> <a name="z11" href="#z17">eighth section heading</a> <a name="z12" href="#z18">ninth section heading</a> <a name="z13" href="#z19">tenth section heading</a> <h2><a name="z4">first secti...
...</p> <h2><a name="z6">original third (now fifth) section heading</a></h1><p> ...
...</p> <h2><a name="z7">original fourth (now sixth) section heading</a></h1><p> ...
...And 2 more matches

Evolution of HTTP - HTTP
http/1.1 clarified ambiguities and introduced numerous improvements: a connection can be reused, saving the time to reopen it numerous times to display the resources embedded into the single original document retrieved.
... using http for complex applications the original vision of tim berners-lee for the web wasn't a read-only medium.
... relaxing the security-model of the web http is independent of the security model of the web, the same-origin policy.
...And 2 more matches

Reason: CORS request not HTTP - HTTP
local file security in firefox 68 when a user opened a page using a file:/// uri in firefox 67 and earlier, the origin of the page was defined as the directory from which the page was opened.
... resources in the same directory and its subdirectories were treated as having the same origin for purposes of the cors same-origin rule.
... in response to cve-2019-11730, firefox 68 and later define the origin of a page opened using a file:/// uri as unique.
...And 2 more matches

Tk - HTTP
the origin server is currently testing its communication of tracking status.
...the origin server needs more information to determine tracking status.
...the origin server believes it has received prior consent for tracking this user, user agent, or device.
...And 2 more matches

An overview of HTTP - HTTP
to present a web page, the browser sends an original request to fetch the html document that represents the page.
...the ability to relax the origin constraint, by contrast, has only been added in the 2010s.
... relaxing the origin constraint to prevent snooping and other privacy invasions, web browsers enforce strict separation between web sites.
...And 2 more matches

Proxy servers and tunneling - HTTP
forwarding client information through proxies proxies can make requests appear as if they originated from the proxy's ip address.
... this can be useful if a proxy is used to provide client anonymity, but in other cases information from the original request is lost.
... the ip address of the original client is often used for debugging, statistics, or generating location-dependent content.
...And 2 more matches

Web audio codec guide - Web media technologies
depends on the codec; codecs typically have an internal sample format that may or may not be the same as the original sample size.
...upon decoding audio compressed with a lossless codec such as flac or alac, the result is identical in every way to the original sound, down to the bit.
...the specific codec used—and the compression configuration selected—determine how close to the original, uncompressed audio signal the output seems to be when heard by the human ear.
...And 2 more matches

Subresource Integrity - Web security
note: for subresource-integrity verification of a resource served from an origin other than the document in which it’s embedded, browsers additionally check the resource using cross-origin resource sharing (cors), to ensure the origin serving the resource allows it to be shared with the requesting origin.
... cross-origin resource sharing and subresource integrity for subresource-integrity verification of a resource served from an origin other than the document in which it's embedded, browsers additionally check the resource using cross-origin resource sharing (cors), to ensure the origin serving the resource allows it to be shared with the requesting origin.
... therefore, the resource must be served with an access-control-allow-origin header that allows the resource to be shared with the requesting origin; for example: access-control-allow-origin: * examples in the following examples, assume that oqvuafxrkap7fdgccy5uykm6+r9gqq8k/uxy9rx7hnqlgyl1kpzqho1wx4jwy8wc is already known to be the expected sha-384 hash (digest) of a particular script example-framework.js, and there’s a copy of the script hosted at https://example.com/example-framework.js.
...And 2 more matches

On page load - Archive of obsolete content
d("appcontent"); // browser if(appcontent){ appcontent.addeventlistener("domcontentloaded", myextension.onpageload, true); } var messagepane = document.getelementbyid("messagepane"); // mail if(messagepane){ messagepane.addeventlistener("load", function(event) { myextension.onpageload(event); }, true); } }, onpageload: function(aevent) { var doc = aevent.originaltarget; // doc is document that triggered "onload" event // do something with the loaded page.
... if(doc.location.href.search("forum") > -1) alert("a forum page is loaded"); // add event listener for page unload aevent.originaltarget.defaultview.addeventlistener("unload", function(event){ myextension.onpageunload(event); }, true); }, onpageunload: function(aevent) { // do something } }; current firefox trunk nightlies will fire the onpageload function for not only documents, but xul:images (favicons in tabbrowser).
... if you only want to handle documents, ensure aevent.originaltarget.nodename == "#document" .
... if(gbrowser) gbrowser.addeventlistener("domcontentloaded", this.onpageload, false); }, onpageload: function(aevent) { var doc = aevent.originaltarget; // doc is document that triggered the event var win = doc.defaultview; // win is the window for the doc // test desired conditions and do something // if (doc.nodename != "#document") return; // only documents // if (win != win.top) return; //only top window.

Common Pitfalls - Archive of obsolete content
f (ns_failed(rv)) { // may want to handle ns_error_malformed_uri for // some applications return rv; } or, if the code can include nsnetutil.h: nscomptr<nsiuri> uriobj; nsresult rv = ns_newuri(getter_addrefs(uriobj), uristring, uricharset, baseuri); in all cases the baseuri can be null if the uristring should be treated as an absolute uri and uricharset can be null if there is no clear origin charset for the string (e.g.
... how to do security checks for uri loads before loading a uri, one of two security checks needs to be performed: if the uri is a string that will be loaded via passing the string to nsiwebnavigation::loaduri, the one must call checkloaduristrwithprincipal and pass the principal that the uri originates from as the first argument and the uri string as the second argument.
... in all other cases, one should call checkloaduriwithprincipal and pass the principal that the uri originates from as the first argument and an nsiuri object representing the uri as the second argument.
... what not to do all other security checks (including calls to checkloaduri and checkloaduristr) are incorrect, because they do not properly capture the originating principal.

Intercepting Page Loads - Archive of obsolete content
let doc = event.originaltarget; if (doc instanceof htmldocument) { // is this an inner frame?
... http notifications are fired for all http requests originating from firefox.
...you can also use these in conjunction with nsitraceablechannel to get and modify the response text before it gets to the original requester.
...a good filter would look like this: shouldload : function(acontenttype, acontentlocation, arequestorigin, acontext, amimetypeguess, aextra) { let result = components.interfaces.nsicontentpolicy.accept; // we should check for type_subdocument as well if we want frames.

Firefox addons developer guide - Archive of obsolete content
rules: file and directory names: italic method and variable names: class name if you want to add a fixme, add: fixme: a message notes: the original document is in japanese and distributed via the xuldev.org website.
... todo: all fixme notes inside the documents; add abbreviation definition to acronyms; add some link to the internal mdc documentation when it makes sense; indent source code; make sure documentation is relevant for all platforms: gnu/linux, macos, windows; add anchor links to figures & listings; add credits to original authors and license; completed sometimes, interfaces names are misspelled: s/nsl/nsi; talk about fuel; titles of chapters and sub-headings should have caps for first letter of each word; we should add a part about bad and good practices (leaks, global scopes, ...); add external resources (mozdev.org/community/books.html); add to chapter 3 or 5 more informations about overlay (how to overl...
... gen's opinion: yes, because it is important for developers to make informed decisions regarding oss licenses and it was a part of the original guide.
...the original version of this guide was written as a first step guide for beginners.

Creating a Release Tag - Archive of obsolete content
the mini-branch is created so you can check in the build scripts with the necessary changes without touching the original branch.
... cvs co -r netscape_6_2_release mozilla/client.mk cd mozilla gmake -f client.mk checkout create a mini branch for the pull scripts on all three platforms so we can change them without changing anything on the original branch.
... rm mozilla/client.mk cvs co -r mozilla_0_9_4_1_release_mini_branch mozilla/client.mk in each of the build scripts find the variables defining the branch and change it from the branch you originally pulled from to the new tag you are creating.
...-name cvs | xargs -l -p10 cvs tag -l mozilla_0_9_4_1_release >& ../taglog original document information author(s): dawn endico last updated date: november 1, 2005 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Layout System Overview - Archive of obsolete content
the original design of the layout system allowed for multiple, possibly different, presentations to be supported simultaneously from the same content model.
...the original design provided for a single presentation shell to manage multiple presentation contexts, to allow a single shell to handle multiple presentations.
...(note: the original architecture of the layout system included the creation of frames for elements with no display.
... original document information author(s): marc attinasi last updated date: november 20, 2005 ...

Style System Overview - Archive of obsolete content
1 matching rule: use value 2+ matching rules: cascade decides which wins: sort by origin (ua, user, author) & weight (!important), then specificity of selector, then order example document source <doc> <title>a few quotes</title> <para class="emph"> franklin said that <quote>"a penny saved is a penny earned."</quote> </para> <para> fdr said <quote>"we have nothing to fear but <span class="emph">fear itself.</span>"</quo...
... the cascade stylesetimpl manages the different origins of rules in the cascade (ua, user, author) style set gets the nsistyleruleprocessor implementations from the style sheets, and the css stylesheets force one cssruleprocessor per origin (rather than one per stylesheet).
... cssruleprocessor one cssruleprocessor per origin (ua, user, author) css rule processor sorts all the rules in cascade order, and then puts them in rulehash, which remembers order and then hashes by first of id, class, tag, namespace, or unhashed.
...(but beware didsetstylecontext) the style system style sheets & rules ↓ rule tree ↓ style context interface original document information author(s): david baron last updated date: june 6, 2003 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Migrate apps from Internet Explorer to Mozilla - Archive of obsolete content
per the ecmascript specification, getyear returns the year minus 1900, originally meant to return "98" for 1998.
...as newer browsers came to market, most of these original bugs, usually called quirks, were kept for backwards compatibility.
... srcelement target the element to which the event was originally dispatched.
... original document information author(s): doron rosenberg, ibm corporation published: 26 jul 2005 link: http://www.ibm.com/developerworks/we...y/wa-ie2mozgd/ ...

The Implementation of the Application Object Model - Archive of obsolete content
futhermore, the original natural order of the items (e.g., in the case of bookmarks) would be lost.
...if we have something like this, then we can perform sorts without tearing down our intermediate representation and without even losing our original information.
...if the xul stream came from a local file, then rdf can either locally annotate the graph (just as before), or it can serialize the xul and write over the original file (thus allowing local changes to a local file to be reflected right in the xul).
...todo: more examples talk about data sources original document information written by: dave hyatt last modified on: 1/31/99 ...

Mozilla release FAQ - Archive of obsolete content
originally, the plan was just to re-stabilize the code and release 5.0, but it was decided within the community that the more ambitious changes that were planned for later integration were close to being ready.
...various other people have decided to take the original of this faq and modify it, usually making a web version.
...you might want to visit the open directory project's spam pages to help you track down the origin.
... for the second case, go to the mozilla community section to unsubscribe original document information author(s): pat gunn last updated date: may 28, 2005 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

2006-11-03 - Archive of obsolete content
oblem on winxp) november 2nd: kenoa complained that when he is compiling using cygwin on win32 he gets the following error no such file or directory1: /cygdrive/c/mozilla/mail/config/mozconfig client.mk:339: /cygdrive/c/mozilla/.mozconfig.mk: no such file or directory he claims that the file ".mozconfig" exists in /cygdrive/c/mozilla/mail/config/mozconfig the disable-crypto cause problem originally posted on november 2nd: gxk is building minimo using the code base from sept.
... originally posted on november 1st: dale dale has set up a windows machine in order to perform mozilla builds but has been unsuccessful to do so.
... fix host_libidl_libs originally posted on october 29th: gery gery claims to have discovered a problem when he compiles mozilla across different platforms when pkg_config is used.
... problems building browser's trunk on windows using vs 2005 originally posted on october 29th: ricardo sixel is trying to retrieve the trunk source code using the browser check out option.

Digital Signatures - Archive of obsolete content
figure 1 shows two items transferred to the recipient of some signed data: the original data and the digital signature, which is basically a one-way hash (of the original data) that has been encrypted with the signer's private key.
...it then uses the same hashing algorithm that generated the original hash to generate a new one-way hash of the same data.
... (information about the hashing algorithm used is sent with the digital signature, although this isn't shown in the figure.) finally, the receiving software compares the new hash against the original hash.
... original document information author(s): ella deon lackey last updated date: 2012 copyright information: © 2012 red hat, inc.

Crisp pixel art look with image-rendering - Game development
original size 4x size 4x size (scaled with an image editor) none vendor's algorithm nearest-neighbor algorithm a css-based solution the good news is that you can use css to automatically do the up-scaling, which not only solves the blur problem, but also allows you to use the images in their original, smaller size, thus saving download time.
...the steps to achieve this effect are: create a <canvas> element and set its width and height attributes to the original, smaller resolution.
...the original image we want to upscale looks like this: here's some html to create a simple canvas: <canvas id="game" width="128" height="128"></canvas> css to size the canvas and render a crisp image: canvas { width: 512px; height: 512px; image-rendering: -moz-crisp-edges; image-rendering: -webkit-crisp-edges; image-rendering: pixelated; image-rendering: crisp-edges; } and some javascrip...
...d load the image: // get canvas context var ctx = document.getelementbyid('game').getcontext('2d'); // load image var image = new image(); image.onload = function () { // draw the image into the canvas ctx.drawimage(image, 0, 0); } image.src = 'https://udn.realityripple.com/samples/11/a2954fe197.png'; this code used together produces the following result: note: you can check out the original code on github (and a live example.) ...

Primitive - MDN Web Docs Glossary: Definitions of Web-related terms
it correctly finds our variable instantiated with our first statement after finding it, the expression is evaluated, foo is replaced by 5 and the javascript engine passes that value to the functions as an argument before executing the statements inside the functions' bodies, javascript takes a copy of the originally passed argument (which is a primitive) and creates a local copy.
...we are increasing its value by 2, not the original foo's value!
...we are increasing its value by 2, not the original (external) foo's value!
...(note that window.foo could still be used to access the external foo variable.) in conclusion, any changes inside our functions won't affect the original foo at all, as we are modifying copies of it that's why primitives are immutable - instead of changing them directly, we're modifying a copy, without affecting the original.

Test your skills: JSON - Learn web development
the example won't work locally, or in an environment like codepen or jsfiddle, because of something called cross-origin security.
... this basically means that you can't request a file from one origin using code on a different origin.
... in the live code editor above, both the javascript code and the requested json file are on the same origin (the code sits on a github repo, and is embedded here in an <iframe>).
... if you put your code on codepen for example, it would fail because the json it is requesting is not on the same origin.

Handling common JavaScript problems - Learn web development
apply the polyfill scripts to the page using the following code — place these above the existing <script> element so they will be available on the page already when we start trying to use fetch: <script src="es6-promise.js"></script> <script src="fetch.js"></script> inside the original <script>, add the following code: const myimage = document.queryselector('.my-image'); fetch('flowers.jpg').then(function(response) { response.blob().then(function(myblob) { let objecturl = url.createobjecturl(myblob); myimage.src = objecturl; }); }); now if you load it in a browser that doesn't support fetch (safari and ie are obvious candidates), you should still see the f...
...we'd like to make it clear that we can't take credit for this code — it was originally written by philip walton.
... check out his article loading polyfills only when needed for the original code, plus a lot of useful explanation around the wider subject).
... then we use that object to manipulate the api, rather than the original one.

HTMLIFrameElement.executeScript()
options optional optionally, you can provide an origin or url for the script to be executed against.
... it's recommended that you include an origin or url, in order to ensure that the script is being executed in the expected context: origin: an origin, e.g.
...the script seems to execute even if a url/origin is specified.
... examples var request1 = browser.executescript( var a = 3; a + 3 , {url: 'http://example.com/index.html'}); request1.onsuccess = function() { console.log(request1.result); // 6 } var request2 = browser.executescript( new promise((resolve, reject) => { settimeout(function() { resolve(6); }, 1000}) ) , {origin: 'http://example.com'}); request2.onsuccess = function() { console.log(request2.result); // 6 } if the script value is a not a promise, it is simply returned as the request value.

Promise
in case this parameter is not a function (usually null), the new promise returned by the then method is fulfilled with the same value as the original promise.
...in case this parameter is not a function (usually left undefined), the new promise returned by the then method is rejected with the same reason as the original promise.
... return value a new promise that is initially pending, then assumes a state that depends on the outcome of the invoked callback function: if the callback returns a value that is not a promise, including undefined, the new promise is fulfilled with this fulfillment value, even if the original promise was rejected.
... if the callback throws an exception, the new promise is rejected with the exception as the rejection reason, even if the original promise was fulfilled.

Localizing with Mozilla Translator
after translating those strings (if using the edit phrase dialog, you can get translation suggestions for strings having an original text equal to existing translations), you can run some automated tests to detect typical errors.
... migrating contents when the directory structure changes overall, if you are a ''good'' mt user and you do things like: checking "keep original" flags for strings not needing translation, instead of just leaving the translation empty struggling to get empty lists when running "untranslated strings" and "view fuzzy" if you are up to date in localization regularly running qa checks and trying to minimize them.
...your keep original and fuzzy flags will be honored for each string.
...to migrate the existing translation in the old product, you need to export partial glossaries from the old product, selecting the ''link'' origin (see the previous section) and importing them into the ''link'' target.

About NSPR
the first generation of nspr was originally conceived just to satisfy the requirements of porting java to various host environments.
... nspr20, an effort started in 1996, built on that original idea, though very little is left of the original code.
...it was originally intended to export synchronous i/o methods only, relying on threads to provide the concurrency needed for complex applications.
... original document information author: larryh@netscape.com last updated date: 2000 (portions of the introduction moved to the history section in 2012) ...

SpiderMonkey compartments
in firefox 4 and above, compartments are used and all javascript objects that belong to a certain origin (such as "http://mail.google.com/" or "http://www.bank.com/") are placed in a separate compartment.
...in the old model, javascript objects could be co-located with arbitrary other javascript objects from other origins.
... such cross-origin objects are used together very infrequently, which reduces the number of cache hits we get.
... in the new model most objects touched by a website are tightly packed next to each other in memory, with no cross-origin objects in between.

Web Replay
this non-determinism originates from two sources: intra-thread and inter-thread.
... these behaviors mainly originate from system calls (i/o and such).
... each subsequent snapshot includes copies of thread stacks/registers as well as a diff containing the original contents of all pages of heap and static memory that were modified since the previous snapshot.
... when the process resumes forward or backward these side effects will be lost (the process reverts to its original state) and while paused at a breakpoint these effects can cause some strange behavior — after the above eval, getting the x.f property directly could produce a different value from eval("x.f").

mozITXTToHTMLConv
wstring scantxt( in wstring text, in unsigned long whattodo ); parameters text the original, plain text to scan and convert into html.
... wstring scanhtml( in wstring text, in unsigned long whattodo ); parameters text the original, user-edited html.
... return value a normalized version of the original html string.
... unsigned long citeleveltxt( in wstring line, out unsigned long loglinestart ); parameters line the original line of text, which may begin with one or more cite characters such as ">".

nsIChannel
originaluri nsiuri the original uri used to construct the channel.
... this is used in the case of a redirect or uri "resolution" (for example resolving a resource: uri to a file: uri) so that the original pre-redirect uri can still be obtained.
... note: this is distinctly different from the http referer (referring uri), which is typically the page that contained the original uri (accessible from nsihttpchannel.) owner nsisupports the owner, corresponding to the entity that is responsible for this channel.
...this means that: the stream listener this channel will be notifying was initially passed to the asyncopen() method of some other channel this channel's uri is a better identifier of the resource being accessed than this channel's originaluri.

nsICookiePermission
last changed in gecko 1.9 (firefox 3) inherits from: nsisupports method overview nscookieaccess canaccess(in nsiuri auri, in nsichannel achannel); boolean cansetcookie(in nsiuri auri, in nsichannel achannel, in nsicookie2 acookie, inout boolean aissession, inout print64 aexpiry); nsiuri getoriginatinguri(in nsichannel achannel); void setaccess(in nsiuri auri, in nscookieaccess aaccess); constants constant value description access_default 0 nscookieaccess's access default value access_allow 1 nscookieaccess's access allow value access_deny 2 nscookieaccess's access deny value access_session 8 additional values for nscookieaccess, which are not directly used by any methods ...
...getoriginatinguri() determines the originating uri for a load given a channel, for third-party cookie blocking.
...nsiuri getoriginatinguri( in nsichannel achannel ); parameters achannel the channel for the load trying to get or set cookies.
... return value the originating uri.

nsIStringBundleOverride
nsisimpleenumerator enumeratekeysinbundle( in autf8string url ); parameters url the url of the original string bundle whose keys are to be overridden.
...note that these keys may not exist in the original string bundle.
...astring getstringfromname( in autf8string url, in acstring key ); parameters url the url of the original string bundle whose keys are to be overridden.
...however, no exception is thrown if the original string bundle did not have the key.

nsITraceableChannel
interface is as follows: register for the "http-on-examine-response" notification to track all http responses; skip redirects (responsestatus = 3xx on nsihttpchannel), since otherwise you may end up with two listeners registered for a channel; qi the channel passed as the "subject" to your observer to nsitraceablechannel, and replace the default nsistreamlistener (that passes the data to the original requester - e.g.
... after that your nsistreamlistener implementation will get the response data and will be able to pass the data on to the original nsistreamlistener (possibly modifying it).
... var data = istream.readbytes(acount); this.receivedchunks.push(data); ostream.writebytes(data, acount); this.originallistener.ondataavailable(arequest, acontext, sstream.newinputstream(0), aoffset, acount); }, onstartrequest: function(arequest, acontext) { this.originallistener.onstartrequest(arequest, acontext); }, onstoprequest: function(arequest, acontext, astatuscode) { this.responsebody = this.receivedchunks.join(""); delete this.receivedchunks; this.responsestatus = astatuscode; this.origin...
...ext, astatuscode); this.deferreddone.resolve(); }, queryinterface: function(aiid) { if (aiid.equals(ci.nsistreamlistener) || aiid.equals(ci.nsisupports)) { return this; } throw cr.ns_nointerface; } }; var httpresponseobserver = { observe: function(asubject, atopic, adata) { var newlistener = new tracinglistener(); asubject.queryinterface(ci.nsitraceablechannel); newlistener.originallistener = asubject.setnewlistener(newlistener); /////// end - do not edit newlistener.promisedone.then( function() { // no error happened console.log('yay response done:', newlistener.responsebody); }, function(areason) { // promise was rejected, right now i didnt set up rejection, but i should listen to on abort or bade status code then reject maybe } ).catch( fu...

nsIURI
to create an nsiuri object, you should use nsiioservice.newuri(), like this: function makeuri(aurl, aorigincharset, abaseuri) { var ioservice = components.classes["@mozilla.org/network/io-service;1"] .getservice(components.interfaces.nsiioservice); return ioservice.newuri(aurl, aorigincharset, abaseuri); } components of a uri prepath path scheme userpass host port ref ftp :// username@password @ hostn...
... origincharset acstring the charset of the document from which this uri originated.
... this is related to the web origin concept of rfc6454.
... this is useful for authentication, managing sessions, or for checking the origin of an uri to prevent cross-site scripting attacks while using methods such as window.postmessage().

nsIWorkerMessageEvent
1.0 66 introduced gecko 1.9.1 inherits from: nsidomevent last changed in gecko 1.9.1 (firefox 3.5 / thunderbird 3.0 / seamonkey 2.0) method overview void initmessageevent(in domstring atypearg, in boolean acanbubblearg, in boolean acancelablearg, in domstring adataarg, in domstring aoriginarg, in nsisupports asourcearg); attributes attribute type description data domstring the event's data.
... origin domstring the event's origin.
... void initmessageevent( in domstring atypearg, in boolean acanbubblearg, in boolean acancelablearg, in domstring adataarg, in domstring aoriginarg, in nsisupports asourcearg ); parameters atypearg the event type.
... aoriginarg the origin to place into the origin attribute.

Using the clipboard
for example, a piece of html can be represented in both its original html form and in plain text.
...we can cut to the clipboard instead of copying by doing a copy and then deleting the original data.
...if you originally copied data of multiple flavors onto the clipboard, you can retrieve the data in the best format necessary.
... original document information author(s): neil deakin original document: http://xulplanet.com/tutorials/mozsdk/clipboard.php copyright information: copyright (c) neil deakin ...

CData
return value a string that, ideally, should be able to be evaluated to produce a new cdata object containing a copy of the original object.
... in theory, in other words, the following javascript expression should return a copy of the original cdata object: eval(dataobject.tosource()); tostring() returns a string identifying the data.
... return value a new string object that is a copy of the original string contents.
... return value a new string object that is a copy of the original string contents.

Mozilla
it was originally named nglayout.
...changes to a document originate in the content tree (from dom modification by scripting, insertion of elements from the parser, etc.) and are propogated to the layout tree through magic that primarily resides in //github.com/realityripple/uxp/blob/master/layout/base/nscssframeconstructor.cpp getting started with chat note that on 2nd march 2...
... git moved here: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html hacking with bonsai bonsai was originally created to solve the problem of tree instability.
... the original navigator code base had large sections that were shared across multiple platforms.

Debugger.Source - Firefox Developer Tools
if a given piece of source code is presented to the javascript implementation more than once, with the same origin metadata, the javascript implementation may generate a fresh debugger.source instance to represent each presentation, or it may use a single debugger.source instance to represent them all.
... sourcemapurl if the instance refers to javascript source, if this source was produced by a minimizer or translated from some other language, and we know the url of a source map document relating the source positions in this source to the corresponding source positions in the original source, then this property’s value is that url.
...if one assigns a function, that function’s script’s source doesnot belong to the dom element; the function’s definition must appear elsewhere.) (if the sources attached to a dom element change, the debugger.source instances representing superceded code still refer to the dom element; this accessor only reflects origins, not current relationships.) elementattributename if this source belongs to a dom element because it is an event handler content attribute or an event handler idl attribute, this is the name of that attribute, a string.
... since a <script> element parsed from a web page’s original html was not introduced by any scripted call, its source’s introductionscript and introductionoffset accessors both return undefined.

CanvasRenderingContext2D.rotate() - Web APIs
the rotation center point is always the canvas origin.
... html <canvas id="canvas"></canvas> javascript const canvas = document.getelementbyid('canvas'); const ctx = canvas.getcontext('2d'); // point of transform origin ctx.arc(0, 0, 5, 0, 2 * math.pi); ctx.fillstyle = 'blue'; ctx.fill(); // non-rotated rectangle ctx.fillstyle = 'gray'; ctx.fillrect(100, 0, 80, 20); // rotated rectangle ctx.rotate(45 * math.pi / 180); ctx.fillstyle = 'red'; ctx.fillrect(100, 0, 80, 20); // reset transformation matrix to the identity matrix ctx.settransform(1, 0, 0, 1, 0, 0); result the center of rotation is blue.
...to do this, the following steps are applied to the matrix: first, translate() moves the matrix's origin to the shape's center.
... finally, translate() moves the matrix's origin back to its starting point.

Drawing shapes with canvas - Web APIs
the origin of this grid is positioned in the top left corner at coordinate (0,0).
... all elements are placed relative to this origin.
...later in this tutorial we'll see how we can translate the origin to a different position, rotate the grid and even scale it, but for now we'll stick to the default.
...x and y specify the position on the canvas (relative to the origin) of the top-left corner of the rectangle.

Using channel messaging - Web APIs
you have to think about whether the origins trust one another, and how the messages are passed.
... the origin the message is to be sent to.
... * means "any origin".
... // handle messages received on port1 function onmessage(e) { output.innerhtml = e.data; input.value = ''; } when a message is received back from the iframe confirming that the original message was received successfully, this simply outputs the confirmation to a paragraph and empties the text input ready for the next message to be sent.

Document.cookie - Web APIs
note: the domain must match the domain of the javascript origin.
... __host- signals to the browser that in addition to the restriction to only use the cookie from a secure origin, the scope of the cookie is limited to a path attribute passed down by the server.
...for chrome the path attribute must always be the origin.
...the only way to protect the cookie is by using a different domain or subdomain, due to the same origin policy.

Element.getClientRects() - Web APIs
originally, microsoft intended this method to return a textrectangle object for each line of text.
...note that the p has onlyone border box, while the span has multiple border boxes.</p> <div> <strong>original</strong> <p> <span>paragraph that spans multiple lines</span> </p> </div> <div> <strong>p's rect</strong> <p class="withclientrectsoverlay"> <span>paragraph that spans multiple lines</span> </p> </div> <div> <strong>span's rect</strong> <p> <span class="withclientrectsoverlay">paragraph that spans multiple lines</span> </p> </div> example 2: this html creates thre...
... <h3>a list</h3> <p>note that the border box doesn't include the number, so neither do the client rects.</p> <div> <strong>original</strong> <ol> <li>item 1</li> <li>item 2</li> </ol> </div> <div> <strong>ol's rect</strong> <ol class="withclientrectsoverlay"> <li>item 1</li> <li>item 2</li> </ol> </div> <div> <strong>each li's rect</strong> <ol> <li class="withclientrectsoverlay">item 1</li> <li class="withclientrectsoverlay">item 2</li> </ol> </div> example 3: this html creates two tables with captions.
... <h3>a table with a caption</h3> <p>although the table's border box doesn't include the caption, the client rects do include the caption.</p> <div> <strong>original</strong> <table> <caption>caption</caption> <thead> <tr><th>thead</th></tr> </thead> <tbody> <tr><td>tbody</td></tr> </tbody> </table> </div> <div> <strong>table's rect</strong> <table class="withclientrectsoverlay"> <caption>caption</caption> <thead> <tr><th>thead</th></tr> </thead> <tbody> <tr><td>tbody</td></tr> </tbody> </table> </div> css the css draws borders around the paragraph and the <span> inside each <div> block for the first example, around the <ol> and <li> for the second examp...

Fetch API - Web APIs
it also defines related concepts such as cors and the http origin header semantics, supplanting their separate definitions elsewhere.
... fetch() won’t send cookies, unless you set credentials: 'same-origin'.
... in august 2017, the spec changed the default credentials policy to 'same-origin'.
... if you are targetting older versions of these browsers, be sure to include credentials: 'same-origin' init option on all api requests that may be affected by cookies/user login state.

Introduction to the File and Directory Entries API - Web APIs
the file and directory entries api adheres to the same-origin policy the file and directory entries api does not let you create and rename executable files the file system is sandboxed you cannot run your app from file:// the file and directory entries api adheres to the same-origin policy an origin is the domain, application layer protocol, and port of a url of the document where the script is being executed.
... each origin has its own associated set of file systems.
... the security boundary imposed on file system prevents applications from accessing data with a different origin.
...for example, while an app or a page in http://www.example.com/app/ can access files from http://www.example.com/dir/, because they have the same origin, it cannot retrieve files from http://www.example.com:8080/dir/ (different port) or https://www.example.com/dir/ (different protocol).

HTMLImageElement - Web APIs
htmlimageelement.crossorigin a domstring specifying the cors setting for this image element.
... htmlimageelement.x read only an integer indicating the horizontal offset of the left border edge of the image's css layout box relative to the origin of the <html> element's containing block.
... htmlimageelement.y read only the integer vertical offset of the top border edge of the image's css layout box relative to the origin of the <html> element's containing block.
... the following properties have been added: crossorigin, naturalwidth, naturalheight, and complete.

Location - Web APIs
eventlistener("click", function(e) { e.preventdefault(); e.stoppropagation(); window.location.hash = '#' + $(this).attr('id'); }); }); [].foreach.call(document.queryselectorall('[title]'), function (node) { node.addeventlistener("click", function(e) { e.preventdefault(); e.stoppropagation(); window.location.hash = ''; }); }); result properties location.ancestororigins is a static domstringlist containing, in reverse order, the origins of all ancestor browsing contexts of the document associated with the given location object.
...it can be set from a different origin than the associated document.
... location.origin read only returns a usvstring containing the canonical form of the origin of the specific location.
...zilla.org:8080/search?q=url#search-results-close-container console.log(url.protocol); // https: console.log(url.host); // developer.mozilla.org:8080 console.log(url.hostname); // developer.mozilla.org console.log(url.port); // 8080 console.log(url.pathname); // /search console.log(url.search); // ?q=url console.log(url.hash); // #search-results-close-container console.log(url.origin); // https://developer.mozilla.org:8080 specifications specification status comment html living standardthe definition of 'location' in that specification.

MediaTrackSettings.deviceId - Web APIs
the mediatracksettings dictionary's deviceid property is a domstring which uniquely identifies the source for the corresponding mediastreamtrack for the origin corresponding to the browsing session.
... syntax var deviceid = mediatracksettings.deviceid; value a domstring whose value is an origin-unique identifier for the track's source.
... this id is valid across multiple browsing sessions for the same origin and is guaranteed to be different for all other origins, so you can safely use it to request the same source be used for multiple sessions, for example.
... since there is a one-to-one pairing of id with each source, all tracks with the same source will share the same id for any given origin, so mediastreamtrack.getcapabilities() will always return exactly one value for deviceid.

Notification.permission - Web APIs
the permission read-only property of the notification interface indicates the current permission granted by the user for the current origin to display web notifications.
...the value can be: granted: the user has explicitly granted permission for the current origin to display system notifications.
... denied: the user has explicitly denied permission for the current origin to display system notifications.
... examples the following snippet could be used if you wanted to first check whether notifications are supported, then check if permission has been granted for the current origin to send notifications, then request permission if required, before then sending a notification.

PerformanceTiming - Web APIs
if there is no previous document, or if the previous document or one of the needed redirects is not of the same origin, the value returned is 0.
...if there is no previous document, or if the previous document, or one of the needed redirects, is not of the same origin, the value returned is 0.
...if there is no redirect, or if one of the redirects is not of the same origin, the value returned is 0.
...if there is no redirect, or if one of the redirects is not of the same origin, the value returned is 0.

Service Worker API - Web APIs
service worker concepts and usage a service worker is an event-driven worker registered against an origin and a path.
...if successful, your service worker will be downloaded to the client and attempt installation/activation (see below) for urls accessed by the user inside the whole origin, or inside a subset specified by you.
... responding to resource requests from other origins.
... clients represents a container for a list of client objects; the main way to access the active service worker clients at the current origin.

Writing WebSocket servers - Web APIs
tip: all browsers send an origin header.
... you can use this header for security (checking for same origin, automatically allowing or denying, etc.) and send a 403 forbidden if you don't like what you see.
... however, be warned that non-browser agents can send a faked origin.
...to do so, it will send something like this as part of the original handshake: get /chat http/1.1 ...

Viewpoints and viewers: Simulating cameras in WebXR - Web APIs
as in all things, the position of an object in space—even if that space if virtual—can be represented using three numbers that indicate its position relative to the origin, whose position is defined to be (0, 0, 0).
... there's another aspect of the spatial relationship of an object to the origin in space left to be considered: perspective.
...for example, if the object is facing an object located at (3, 1, -2)—that is, three meters to the right, one meter up, and two meters away from the origin point—the result is: [31-2]\left [ \begin{matrix} 3 \\ 1 \\ -2 \end{matrix} \right ] this can also be represented as an array: let directionvector = [3, 1, -2]; for the purposes of performing operations involving both the coordinates and the facing direction vector, the vector needs to include the w component.
...since the translation is expressed as a vector providing the distance to move along each axis, we can combine them like this: mat4.translate(viewmatrix, viewmatrix, [-trackdistance, -pedestaldistance, dollydistance]); this will shift the origin of the matrix viewmatrix by the specified amount along each axis.

Starting up and shutting down a WebXR session - Web APIs
the reference space returned by requestreferencespace() places the origin (0, 0, 0) in the center of the space.
... detecting reference space resets occasionally, discontinuities or jumps in the native origin may occur while tracking the user's position in the world.
...these situations cause the native origin to jump abruptly by the distance and directional angle necessary to bring the native origin back into alignment with the user's position and facing direction.
...the event's transform property is an xrrigidtransform detailing the transform needed to realign the native origin.

Web Authentication API - Web APIs
one of the most important parameters is the origin, which is recorded as part of the clientdata so that the origin can be verified by the server later.
...these include: verifying that the challenge is the same as the challenge that was sent ensuring that the origin was the origin expected validating that the signature over the clientdatahash and the attestation using the certificate chain for that specific model of the authenticator a complete list of validation steps can be found in the web authentication api specification.
...one of the most important parameters is the origin, which recorded as part of the clientdata so that the origin can be verified by the server later.
...returned by credentialscontainer.create() and credentialscontainer.get(), respectively, the child interfaces include information from the browser such as the challenge origin.

Window.localStorage - Web APIs
the read-only localstorage property allows you to access a storage object for the document's origin; the stored data is saved across browser sessions.
... syntax mystorage = window.localstorage; value a storage object which can be used to access the current origin's local storage space.
... exceptions securityerror the request violates a policy decision, or the origin is not a valid scheme/host/port tuple (this can happen if the origin uses the file: or data: scheme, for example).
... for example, the user may have their browser configured to deny permission to persist data for the specified origin.

Window - Web APIs
window.localstorage read only returns a reference to the local storage object used to store data that may only be accessed by the origin that created it.
... window.sessionstorage returns a reference to the session storage object used to store data that may only be accessed by the origin that created it.
... windoworworkerglobalscope.origin read only returns the global object's origin, serialized as a string.
...optionally the source is cropped to the rectangle of pixels originating at (sx, sy) with width sw, and height sh.

XRBoundedReferenceSpace.boundsGeometry - Web APIs
each entry in boundsgeometry is equal to an entry in the list of native bounds geometry points for the room, premultiplied by the inverse of the origin offset.
... usage notes bounded reference spaces always have their origin located at ground level, where y is 0.
... as a general rule, with the origin for x and z located in or near the center of the space, and with the orientation set facing in a logical forward direction, as appropriate for the underlying platform or xr hardware.
...instead, it's meant to be used for one-room spaces with no more than around 15 meters of available movement space in any direction from the native origin.

XRReferenceSpace.getOffsetReferenceSpace() - Web APIs
syntax offsetreferencespace = xrreferencespace.getoffsetreferencespace(originoffset); parameters originoffset an xrrigidtransform specifying the offset to the origin of the new reference space.
... return value a new xrreferencespace object describing a reference space with the same native origin as the reference space on which the method was called, but with an origin offset indicating the distance from the object to the point given by originoffset.
...the boundsgeometry of the new reference space is set to the original object's boundsgeometry with each of its points multiplied by the inverse of originoffset.
... xrsession.requestreferencespace("local") .then((refspace) => { xrreferencespace = refspace; xrreferencespace = xrreferencespace.getoffsetreferencespace( new xrrigidtransform(startposition, {x:0, y:0, z:1.0, w: 1.0})); xrsession.requestanimationframe(drawframe); }); in this code, we obtain a local reference space, then use getoffsetreferencespace() to create a new space whose origin is adjusted to a position given by startposition and whose orientation is looking directly along the z azis.

@supports - CSS: Cascading Style Sheets
the following example returns true if the browser's transform-origin property considers 5% 5% valid: @supports (transform-origin: 5% 5%) {} function syntax the second basic supports condition is a supports function, the syntax for these is supported by all browsers, but the functions themselves are still being standardized.
...the following example returns true if the browser supports the child combinator: @supports selector(a > b) {} the not operator the not operator can precede any expression to create a new expression, resulting in the negation of the original one.
... the following example returns true if the browser's transform-origin property doesn't consider 10em 10em 10em valid: @supports not (transform-origin: 10em 10em 10em) {} as with any operator, the not operator can be applied to a declaration of any complexity.
... the following examples are both valid: @supports not (not (transform-origin: 2px)) {} @supports (display: grid) and (not (display: inline-grid)) {} note: there is no need to enclose the not operator between two parentheses at the top level.

CSS reference - CSS: Cascading Style Sheets
emsalign-selfall<an-plus-b><angle><angle-percentage>animationanimation-delayanimation-directionanimation-durationanimation-fill-modeanimation-iteration-countanimation-nameanimation-play-stateanimation-timing-function@annotationannotation()attr()b::backdropbackdrop-filterbackface-visibilitybackgroundbackground-attachmentbackground-blend-modebackground-clipbackground-colorbackground-imagebackground-originbackground-positionbackground-repeatbackground-size<basic-shape>::before (:before)bleed (@page)<blend-mode>block-sizeblur()borderborder-blockborder-block-colorborder-block-endborder-block-end-colorborder-block-end-styleborder-block-end-widthborder-block-startborder-block-start-colorborder-block-start-styleborder-block-start-widthborder-block-styleborder-block-widthborder-bottomborder-bottom-colorb...
...st-stylelist-style-imagelist-style-positionlist-style-typelocal()mmarginmargin-blockmargin-block-endmargin-block-startmargin-bottommargin-inlinemargin-inline-endmargin-inline-startmargin-leftmargin-rightmargin-top::markermarks (@page)maskmask-bordermask-border-modemask-border-outsetmask-border-repeatmask-border-slicemask-border-sourcemask-border-widthmask-clipmask-compositemask-imagemask-modemask-originmask-positionmask-repeatmask-sizemask-typematrix()matrix3d()max()max-block-sizemax-heightmax-height (@viewport)max-inline-sizemax-widthmax-width (@viewport)max-zoom (@viewport)@mediamin()min-block-sizemin-heightmin-height (@viewport)min-inline-sizemin-widthmin-width (@viewport)min-zoom (@viewport)minmax()mix-blend-modemmmsn@namespacenegative (@counter-style):not:nth-child:nth-last-child:nth-last-o...
...verscroll-behavior-blockoverscroll-behavior-inlineoverscroll-behavior-xoverscroll-behavior-yppad (@counter-style)paddingpadding-blockpadding-block-endpadding-block-startpadding-bottompadding-inlinepadding-inline-endpadding-inline-startpadding-leftpadding-rightpadding-top@pagepage-break-afterpage-break-beforepage-break-insidepaint()paint-orderpath()pc<percentage>perspectiveperspective()perspective-originplace-contentplace-itemsplace-self::placeholderpointer-eventspolygon()<position>positionprefix (@counter-style)ptpxqqquotesrradradial-gradient()range (@counter-style)<ratio>:read-only:read-writerect()remrepeat()repeating-linear-gradient()repeating-radial-gradient():requiredresize<resolution>revertrgb()rgba():rightright@right-bottom:rootrotaterotate()rotate3d()rotatex()rotatey()rotatez()row-gapsssa...
...linetext-decoration-skip-inktext-decoration-styletext-decoration-thicknesstext-emphasistext-emphasis-colortext-emphasis-positiontext-emphasis-styletext-indenttext-justifytext-orientationtext-overflowtext-renderingtext-shadowtext-transformtext-underline-offsettext-underline-position<time><time-percentage><timing-function>top@top-centertouch-actiontransformtransform-box<transform-function>transform-origintransform-styletransitiontransition-delaytransition-durationtransition-propertytransition-timing-functiontranslatetranslate()translate3d()translatex()translatey()translatez()turnuunicode-bidiunicode-range (@font-face)unset<url>url()user-zoom (@viewport)v:validvar()vertical-alignvh@viewportviewport-fit (@viewport)visibility:visitedvmaxvminvwwwhite-spacewidowswidthwidth (@viewport)will-changeword-br...

revert - CSS: Cascading Style Sheets
the revert css keyword reverts the cascaded value of the property from its current value to the value the property would have had if no changes had been made by the current style origin to the current element.
... if used by a site's own styles (the author origin), revert rolls back the property's cascaded value to the user's custom style, if one exists; otherwise, it rolls the style back to the user agent's default style.
... if used in a user's custom stylesheet, or if the style was applied by the user (the user origin), revert rolls back the cascaded value to the user agent's default style.
... h3 { font-weight: normal; color: blue; } <h3 style="font-weight: unset; color: unset;">this will still have font-weight: normal, but color: black</h3> <p>just some text</p> <h3 style="font-weight: revert; color: revert;">this should have its original font-weight (bold) and color: black</h3> <p>just some text</p> revert all reverting all values is useful when you did heavy modifications for something and then want to revert to defaults.

Audio and video manipulation - Developer guides
html we can set up our video player and <canvas> element like this: <video id="my-video" controls="true" width="480" height="270" crossorigin="anonymous"> <source src="https://udn.realityripple.com/samples/5b/8cd6da9c65.webm" type="video/webm"> <source src="https://udn.realityripple.com/samples/6f/08625b424a.m4v" type="video/mp4"> </video> <canvas id="my-canvas" width="480" height="270"></canvas> javascript this code handles altering the frames.
... note: due to potential security issues if your video is on a different domain than your code, you'll need to enable cors (cross origin resource sharing) on your video server.
...audiocontext(), audiosource = context.createmediaelementsource(document.getelementbyid("my-video")), filter = context.createbiquadfilter(); audiosource.connect(filter); filter.connect(context.destination); // configure filter filter.type = "lowshelf"; filter.frequency.value = 1000; filter.gain.value = 25; playable code <video id="my-video" controls="true" width="480" height="270" crossorigin="anonymous"> <source src="https://udn.realityripple.com/samples/5b/8cd6da9c65.webm" type="video/webm"> <source src="https://udn.realityripple.com/samples/6f/08625b424a.m4v" type="video/mp4"> </video> <div class="playable-buttons"> <input id="edit" type="button" value="edit" /> <input id="reset" type="button" value="reset" /> </div> <textarea id="code" class="playable-code"> filter.type = ...
... example var panner = context.createpanner(); panner.coneoutergain = 0.2; panner.coneouterangle = 120; panner.coneinnerangle = 0; panner.connect(context.destination); source.connect(panner); source.start(0); // position the listener at the origin.

HTML documentation index - HTML: Hypertext Markup Language
2 allowing cross-origin use of images and canvas advanced, cors, canvas, html, image, reference, security, storage, data html provides a crossorigin attribute for images that, in combination with an appropriate cors header, allows images defined by the <img> element that are loaded from foreign origins to be used in a <canvas> as if they had been loaded from the current origin.
... 39 html attribute: crossorigin advanced, attribute, cors, html, needscontent, reference, security the crossorigin attribute, valid on the <audio>, <img>, <link>, <script>, and <video> elements, provides support for cors, defining how the element handles crossorigin requests, thereby enabling the configuration of the cors requests for the element's fetched data.
... 224 link types: dns-prefetch attribute, html, link, link types, reference the dns-prefetch keyword for the rel attribute of the <link> element is a hint to browsers that the user is likely to need resources from the target resource's origin, and therefore the browser can likely improve the user experience by preemptively performing dns resolution for that origin.
... 229 link types: preconnect attribute, html, link, link types, reference the preconnect keyword for the rel attribute of the <link> element is a hint to browsers that the user is likely to need resources from the target resource's origin, and therefore the browser can likely improve the user experience by preemptively initiating a connection to that origin.

HTTP caching - HTTP
when a web cache has a requested resource in its store, it intercepts the request and returns its copy instead of re-downloading from the originating server.
... cache-control: no-store cache but revalidate a cache will send the request to the origin server for validation before releasing a cached copy.
... varying responses the vary http response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.
... when a cache receives a request that can be satisfied by a cached response that has a vary header field, it must not use that cached response unless all header fields as nominated by the vary header match in both the original (cached) request and the new request.

Navigation and resource timings - Web Performance
if there is no redirect, or if one of the redirects is not of the same origin, the value returned is 0.
...if there is no redirect, or if one of the redirects is not of the same origin, the value returned is 0.
...if there is no previous document, or if the previous document or one of the needed redirects is not of the same origin, the value returned is 0.
...if there is no previous document, or if the previous document, or one of the needed redirects, is not of the same origin, the value returned is 0.

SVG Attribute reference - SVG: Scalable Vector Graphics
fill fill-opacity fill-rule filter filterres filterunits flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight format from fr fx fy g g1 g2 glyph-name glyph-orientation-horizontal glyph-orientation-vertical glyphref gradienttransform gradientunits h hanging height href hreflang horiz-adv-x horiz-origin-x i id ideographic image-rendering in in2 intercept k k k1 k2 k3 k4 kernelmatrix kernelunitlength kerning keypoints keysplines keytimes l lang lengthadjust letter-spacing lighting-color limitingconeangle local m marker-end marker-mid marker-start markerheight markerunits markerwidth mask maskcontentunits maskunits mathematical max media method ...
...min mode n name numoctaves o offset opacity operator order orient orientation origin overflow overline-position overline-thickness p panose-1 paint-order path pathlength patterncontentunits patterntransform patternunits ping pointer-events points pointsatx pointsaty pointsatz preservealpha preserveaspectratio primitiveunits r r radius referrerpolicy refx refy rel rendering-intent repeatcount repeatdur requiredextensions requiredfeatures restart result rotate rx ry s scale seed shape-rendering slope spacing specularconstant specularexponent speed spreadmethod startoffset stddeviation stemh stemv stitchtiles stop-color stop-opacity strikethrough-position strikethrough-thickness string stroke stroke-dasharray str...
...oke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style surfacescale systemlanguage t tabindex tablevalues target targetx targety text-anchor text-decoration text-rendering textlength to transform transform-origin type u u1 u2 underline-position underline-thickness unicode unicode-bidi unicode-range units-per-em v v-alphabetic v-hanging v-ideographic v-mathematical values vector-effect version vert-adv-y vert-origin-x vert-origin-y viewbox viewtarget visibility w width widths word-spacing writing-mode x x x-height x1 x2 xchannelselector xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y y y1 y2 ychannelse...
...yph-orientation-vertical, image-rendering, kerning, letter-spacing, lighting-color, marker-end, marker-mid, marker-start, mask, opacity, overflow, pointer-events, shape-rendering, stop-color, stop-opacity, stroke, stroke-dasharray, stroke-dashoffset, stroke-linecap, stroke-linejoin, stroke-miterlimit, stroke-opacity, stroke-width, text-anchor, text-decoration, text-rendering, transform, transform-origin, unicode-bidi, vector-effect, visibility, word-spacing, writing-mode filters attributes filter primitive attributes height, result, width, x, y transfer function attributes type, tablevalues, slope, intercept, amplitude, exponent, offset animation attributes animation attribute target attributes attributetype, attributename animation timing attributes begin, dur, end, min, max, restart,...

Interaction between privileged and non-privileged pages - Archive of obsolete content
the event bubbles up from the web page and reaches the extension (privileged code) where your listener catches it and reads the attribute values from the dom element where the event originated.
...in the following code sample 2 methods are combined: setting an extra attribute in the original event target element, and creating a new event message with a new event target element.
... for this to work we need to define the original target element globally.

Chapter 3: Introduction to XUL—How to build a more intuitive UI - Archive of obsolete content
and was originally published in japanese for the firefox developers conference summer 2007.
... because html was originally conceived as a language for marking up documents, specifically web pages, it is inevitably lacking in functionality for marking up applications.
...the xul document that actually gets displayed will be a combination of the original xul document and the one specified in xul-overlay.

Appendix F: Monitoring DOM changes - Archive of obsolete content
for instance, when you want to modify the result of dom mutations that you know are the result of the doawesomedomstuff() function, you can wrap it as follows: { let originaldoawesomedomstuff = doawesomedomstuff; doawesomedomstuff = function _doawesomedomstuff() { let res = originaldoawesomedomstuff.apply(this, arguments); doawesomerdomstuff(res, arguments); return res; }; } now, whenever doawesomedomstuff() is called, the original function will be called, followed by your own doawesomerdomstuff() function, which can then fur...
...variations on this method include modifying the arguments passed to the wrapped function, modifying its return value, and making changes both before and after the original method is called.
...for instance, if you need to know about attribute changes to a particular node, then you should replace its setattribute method with a function that calls the original setattribute function as originalsetattribute.apply(this, arguments) before running your necessary event code.

Underscores in class and ID Names - Archive of obsolete content
note: browser support for underscores in css has greatly improved since this article was originally published in 2001 and the following recommendation is no longer accurate for most circumstances.
... original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

CSS3 - Archive of obsolete content
the css background-origin, background-size, and background-clip properties.
... css transforms level 1 working draft adds: the support of bi-dimensional transforms to be applied to any element using the css transform and transform-origin properties.
... the support of tri-dimensional transforms to be applied to any element by adding the css transform-style, perspective, perspective-origin, and backface-visibility properties and extended the transform property with the following transforms are: matrix 3d(), translate3d(), translatez(), scale3d(), scalez(), rotate3d(), rotatex(), rotatey(), rotatez(), and perspective().

MMgc - Archive of obsolete content
it has a get method which returns the pointer to the original object, or null if that object has already been destroyed.
...memory leaks will be displayed with their stack trace of origin.
...in our original implementation clearmarks/finalize/sweep visited every gc page and every object on that page.

Defining Cross-Browser Tooltips - Archive of obsolete content
a variant on christian's original suggestion was made by "ct" in bug 25537.
... related links html 4.01 specification: 13.8 how to specify alternate text html 4.01 specification: 7.4.3 the title attribute bug 25537 original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

No Proxy For configuration - Archive of obsolete content
this feature was originally designed as a "blacklist" of sites or domains that was within the intranet, and should not be accessed via the proxy server.
...david baron has pointed out that the original pac code in the "classic" tree is written in c++.
... original document information author(s): benjamin chuang last updated date: november 2, 2005 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Bookmark Keywords - Archive of obsolete content
the original title of the bookmark won't apply.
... original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

Creating a Firefox sidebar extension - Archive of obsolete content
it was originally written in 2005.
... the emptysidebar extension resources code snippets:sidebar building an extension creating applications with mozilla packaging firefox/thunderbird extensions creating a firefox 1 sidebar original document information author: j.c.
... original source: http://occidopagus.nl/firefox/emptysidebar/ ...

Making a Mozilla installation modifiable - Archive of obsolete content
although mozilla stores the ui files in jar archives, it can also access them in their original, unarchived form, which is useful for the extensions developer because it makes it unnecessary to extract the files from the archive before changing the code and then re-add them to the archive afterwards.
...to make mozilla modifiable, we will first extract the ui files from the archives using an unzip utility, then edit mozilla's registry of ui files to use the extracted files instead of the original jar archives.
...after extracting the files we will modify the mozilla chrome registry to use the extracted files instead of the original jar archives.

RDF Datasource How-To - Archive of obsolete content
it supersedes (and borrows from) the original document put together by robert churchill.
...when flush() is called, or the last reference to the datasource is released, a routine walks the in-memory datasource and re-serializes the graph back to the original file format.
... contact: chris waterson (waterson@netscape.com) original document information author(s): chris waterson last updated date: june 19, 2000 copyright information: copyright (c) chris waterson ...

Safely loading URIs - Archive of obsolete content
changes in gecko 1.9 a key security change in gecko 1.9 is the addition of the new security.fileuri.strict_origin_policy preference.
... this boolean preference, which defaults to true, can be set to false if the user doesn't want to strictly enforce the same origin policy on file: uris.
... see same-origin policy for file: uris for details.

Space Manager High Level Design - Archive of obsolete content
if the block has any block children, then translate the space manager to the child block's origin and update the space manager in the context for the child block, recursively.
... when done with the child, restore the space managers coordinates by translating by the negative of the child block's origin.
...should be private (compiles fine) nsblockframe::paint is mucking with nsblockbanddata in and #if 0 block - remove that and the include (compiles fine) nsspacemanger has no way of clearing the float damage interval set - this might be needed if the spacemanager persists beyond a reflow original document information author(s): marc attinasi other contributors: alex savulov, chris waterson, david baron, josh soref last updated date: november 20, 2005 ...

Anonymous Content - Archive of obsolete content
the original anonymous content responsible for the event can be obtained from a new field of the event object: originaltarget.
...style rules using the child, descendant, or sibling selectors transparently cross bind scopes and operate on the altered and original content models.
...these sheets have the same origin as the sheet with the rule responsible for the binding.

Building accessible custom components in XUL - Archive of obsolete content
if the user presses enter while editing the cell, we "accept" the value by recreating the original label and copying the new value back.
... if the user presses esc, we "cancel" the edit by simply recreating the original label and restoring its previous value.
...the done_edit function recreates the original label element and sets the new value.

Tree Widget Changes - Archive of obsolete content
one feature that has been added is restorenaturalorder which may be used to restore the original order of the columns before the user moved them around.
... tree.columns.restorenaturalorder() there is also a command on the end of the tree's column picker which the user may use to restore the original column order.
...example: treechildren::-moz-tree-separator { margin-top: 1px; border-top: 1px solid threedshadow; border-left: 1px solid threedshadow; border-right: 1px solid threedhighlight; border-bottom: 1px solid threedhighlight; height: 2px; } original document information author: neil deakin source: here ...

xbDesignMode.js - Archive of obsolete content
* * the original code is netscape cross browser design mode code.
... * * the initial developer of the original code is * netscape communications corporation.
... * * contributor(s): doron rosenberg <doron@netscape.com> (original author) * * * * ***** end license block ***** */ /* xbdesignmode a javascript wrapper for browsers that support designmode */ function xbdesignmode(aiframe){ this.meditordocument = null; this.miframeelement = null; // argument is a string, therefore an id if ( (typeof(aiframe) == "string") && (document.getelementbyid(aiframe).tagname.tolowercase()=="iframe") ){ this.miframeelement = document.getelementbyid(aiframe); } else if( (typeof(aiframe)=="object") && (aiframe.tagname.tolowercase() == "iframe") ){ this.miframeelement = aiframe; } else { throw "argument isn't an id o...

2006-10-20 - Archive of obsolete content
on october 18th marcus responded to his original post and expanded on the original content of his question.
... adding extension to extensions/ folder originally posted on oct 19th: christopher finke is currently learning how to compile firefox.
... on october 20th christopher finke responded to his original post.

Introduction to Public-Key Cryptography - Archive of obsolete content
authentication allows the recipient of information to determine its origin-that is, to confirm the sender's identity.
...separate signing and encryption certificates make it possible to keep the private signing key on the local machine only, thus providing maximum nonrepudiation, and to back up the private encryption key in some central location where it can be retrieved in case the user loses the original key or leaves the company.
... original document information author(s): ella deon lackey last updated date: 2012 copyright information: © 2012 red hat, inc.

Threats - Archive of obsolete content
original document information author(s): ella deon lackey last updated date: 2012 copyright information: © 2012 red hat, inc.
... link: red hat certificate system common criteria certification 8.1: deployment, planning, and installation original document information author(s): joint task force transformation initiative title: national institute of standards and technology (nist) special publication 800-30 revision 1, guide for conducting risk assessments last updated date: september 2012 copyright information: this document is not subject to copyright.
... original document information author(s): karen scarfone, wayne jansen, and miles tracy title: national institute of standards and technology (nist) special publication 800-123, guide to general server security last updated date: july 2008 copyright information: this document is not subject to copyright.

Browser Detection and Cross Browser Support - Archive of obsolete content
the original netscape browsers used a user agent string which began with the code name for the netscape browser followed by its version number, e.g.
...a common type of detection which originally was written to support only netscape navigator 4 and internet explorer 4 might look like: // wrong approach - do not use!
...eature detection gecko user agent strings rfc 1945 - hypertext transfer protocol -- http 1.0 rfc 2068 - hypertext transfer protocol -- http 1.1 [mozilla's quirks mode] css enhancements in internet explorer 6 w3c w3c markup w3c technical recommendations w3c html 4.01 w3c css 1 w3c css 2 w3c dom core 2 w3c dom html 2 w3c dom style 2 original document information author(s): bob clary last updated date: 10 feb 2003 ...

LiveConnect Overview - Archive of obsolete content
when a javascript object is sent to java, the runtime engine creates a java wrapper of type jsobject; when a jsobject is sent from java to javascript, the runtime engine unwraps it to its original javascript object type.
... an object of class netscape.javascript.jsobject is converted to the original javascript object.
... a java object of any other class is converted to a javascript wrapper, which can be used to access methods and fields of the java object: converting this wrapper to a string calls the tostring method on the original object.

Browsing context - MDN Web Docs Glossary: Definitions of Web-related terms
each browsing context has a specific origin, the origin of the active document and a history that memorize all the displayed documents, in order.
...between browsing context of the same origin, a broadcastchannel can be opened and used.
... learn more see origin ...

MDN Web Docs Glossary: Definitions of Web-related terms
e navigator network throttling nntp node node (dom) node (networking) node.js non-normative normative null nullish value number o object object reference oop opengl openssl opera browser operand operator origin ota owasp p p2p pac packet page load time page prediction parameter parent object parse parser pdf perceived performance percent-encoding php pixel placeholder names plaintext png polyfill polym...
... responsive web design rest rgb ril robots.txt round trip time (rtt) routers rss rtcp (rtp control protocol) rtf rtl (right to left) rtp (real-time transport protocol) and srtp (secure rtp) rtsp: real-time streaming protocol ruby s safe same-origin policy scm scope screen reader script-supporting element scroll container scrollport sctp sdp search engine second-level domain secure sockets layer (ssl) selector (css) self-executing anonymous function semantics seo serialization server ...
...neers) smtp snap positions soap spa (single-page application) specification speculative parsing speed index sql sql injection sri stacking context state machine statement static method static typing strict mode string stun style origin stylesheet svg svn symbol symmetric-key cryptography synchronous syntax syntax error synthetic monitoring t tag tcp tcp handshake tcp slow start telnet texel thread three js time to first byte time to interactive...

Floats - Learn web development
previous overview: css layout next originally for floating images inside blocks of text, the float property became one of the most commonly used tools for creating multiple column layouts on webpages.
... with the advent of flexbox and grid it has now returned to its original purpose, as this article explains.
...nulla luctus aliquam dolor, eu lacinia lorem placerat vulputate.</p> </div> in your css, add the following rule for the .wrapper class and then reload the page: .wrapper { background-color: rgb(79,185,227); padding: 10px; color: #fff; } in addition, remove the original .cleared class: .cleared { clear: left; } you will see that, just like in the example where we put a background color on the paragraph, the background color runs behind the float.

Responsive design - Learn web development
in marcotte's original exploration this meant flexible grids (using floats) and media queries, however in the almost 10 years since that article was written, working responsively has become the default.
...in his original piece on fluid grids, marcotte detailed a formula for taking a layout designed using pixels and converting it into percentages.
... this meta tag exists because when the original iphone launched and people started to view websites on a small phone screen, most sites were not mobile optimized.

How can we design for all types of users? - Learn web development
="subheading">this is our subheading</span> </h1> </body> </html> a percent-based css will look like this: body { font-size:100%; } /* 100% of the browser's base font size, so in most cases this will render as 16 pixels */ h1 { font-size:200%; } /* twice the size of the body, thus 32 pixels */ span.subheading { font-size:50%; } /* half the size of the h1, thus 16 pixels to come back to the original size */ the same problem expressed with ems: body { font-size:1em; } /* 1em = 100% of the browser's base font size, so in most cases this will render as 16 pixels */ h1 { font-size:2em; } /* twice the size of the body, thus 32 pixels */ span.subheading { font-size:0.5em; } /* half the size of the h1, thus 16 pixels to come back to the original size */ as you can see, the math quickly gets d...
...the css can be rewritten thus: body { font-size:1em; } /* 1em = 100% of the browser's base font size, so in most cases this will render as 16 pixels */ h1 { font-size:2rem; } /* twice the size of the body, thus 32 pixels */ span.subheading { font-size:1rem; } /* original size */ easier, isn't it?
... your readers may be using a very strict intranet that blocks images originating from a cdn.

Responsive images - Learn web development
and conversely, a small raster image starts to look grainy when displayed larger than its original size (a raster image is a set number of pixels wide and a set number of pixels tall, as we saw when we looked at vector graphics).
... returning to our original not-responsive.html example, we have an image that badly needs art direction: <img src="elva-800w.jpg" alt="chris standing up holding his daughter elva"> let's fix this, with <picture>!
...by then, the original image would already have been loaded, and you would load the small image as well, which is even worse in responsive image terms.

Object prototypes - Learn web development
this constructor property points to the original constructor function.
... for example, try these commands in the console: person1.constructor person2.constructor these should both return the person() constructor, as it contains the original definition of these instances.
...you won't need to use it often, but it can be really useful when you want to create a new instance and don't have a reference to the original constructor easily available for some reason.

Properly configuring server MIME types - Learn web development
for security reasons, gecko 2.0 will no longer do this for stylesheets loaded from a different origin than the requesting document.
... if your stylesheet comes from a different origin than the document, you must serve it with the correct mime type (text/css).
... related links incorrect mime type for css files iana | mime media types hypertext transfer protocol — http/1.1 microsoft - 293336 - info: webcast: mime type handling in microsoft internet explorer microsoft - appendix a: mime type detection in internet explorer microsoft - security update, march 29, 2001 microsoft - security update, december 13, 2001 original document information author: bob clary, date: 20 feb 2003 ...

Client-Server Overview - Learn web development
the origin of the request, https://developer.mozilla.org/).
... post https://developer.mozilla.org/profiles/hamishwillee/edit http/1.1 host: developer.mozilla.org connection: keep-alive content-length: 432 pragma: no-cache cache-control: no-cache origin: https://developer.mozilla.org upgrade-insecure-requests: 1 user-agent: mozilla/5.0 (windows nt 10.0; wow64) applewebkit/537.36 (khtml, like gecko) chrome/52.0.2743.116 safari/537.36 content-type: application/x-www-form-urlencoded accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 referer: https://developer.mozilla.org/profiles/hamishwillee/edit accept-encoding: gz...
... #best/views.py from django.shortcuts import render from .models import team def junior(request): list_teams = team.objects.filter(team_type__exact="junior") context = {'list': list_teams} return render(request, 'best/index.html', context) after the junior() function gets the list of junior teams, it calls the render() function, passing the original httprequest, an html template, and a "context" object defining the information to be included in the template.

Website security - Learn web development
any scripts in the original user content will be run when the new page is loaded.
...this works because the first part of the injected text (a';) completes the original statement.
...whatever else you do to improve the security of your website, you should sanitize all user-originating data before it is displayed in the browser, used in sql queries, or passed to an operating system or file system call.

Componentizing our Svelte app - Learn web development
add the following, again to the bottom of the <script> section: function update(updatedtodo) { todo = { ...todo, ...updatedtodo } // applies modifications to todo dispatch('update', todo) // emit update event } here we are using the spread syntax to return the original todo with the modifications applied to it.
... the update() function emits the update event, passing as additional information a copy of the original todo with the changes applied.
... the <input>'s value property will be bound to the name variable, and the buttons to cancel and save the changes call oncancel() and onsave() respectively (we added those functions earlier): when oncancel() is invoked, name is restored to its original value (when passed in as a prop) and we exit editing mode (by setting editing to false).

What to do and what not to do in Bugzilla
if there are only a few comments in the bug, it may be reopened only if the original reporter provides more info, or confirms someone else's steps to reproduce.
... if the bug is long, when enough info is provided a new bug should be filed and the original bug marked as a duplicate of it.
...note that in general it's impossible to verify a duplicate until the original has been resolved.

HTML parser threading
if there is a snapshot, the tokenizer used for parsing document.write()-originating data on the main thread is reset to the data state.
...then the tree builder that is used for parsing document.write()-originating data is initialized from the state snapshot.
...continuing to use network-originating data after scripts nshtml5streamparser::continueafterscripts runs on the main thread.

WebChannel.jsm
the webchannel.jsm javascript code module provides an abstraction that uses the message manager and custom events apis to create a two-way communication channel between chrome and content code for specific origins (using a specific origin passed to the constructor or a lookup with nsipermissionmanager while also ensuring the scheme is https).
... components.utils.import("resource://gre/modules/webchannel.jsm"); constructor webchannel(string webchannelid, nsiuri originorpermission); 2nd argument is a valid origin that should be part of requests for this channel.
... webchannel(string webchannelid, string originorpermission); 2nd argument is a permission for which the permission manager will be checked to determine if the request is allowed.

Localization content best practices
ideally, all strings landing in code should originate from approved ux wireframes, any copy review should be part of the initial stage of creating these wireframes.
...one possible way to test a patch for localizability issues is to alter the en-us localization files, adding extraneous characters to the original strings: this can help to identify both hard-coded strings and "flexibility issues" in the ui.
...for example, to check if it's using a character not available in the original string, given entities "usebookmark.label" and "usebookmark.accesskey", if you change to "choosebookmark.label" due to a string change, change the access key entity to "choosebookmark.accesskey" to match it.

Localizing with Koala
translating to x-testing will basically consist of converting any strings to uppercase, for example "file" in original version (en-us) will become "file" in x-testing.
...included locale: en-us (this is the original locale you're translating from).
...select en-us (included) in original locale column.

Localizing with Pontoon
replace the original text with its translation into your language.
... translation panel with original string and its details (e.g.
... search almost like machinery, but takes provided keyword as input parameter instead of the original string.

Mozilla Web Developer FAQ
the fonts have to be served from the same origin (protocol, host, port) as the content that uses them unless the fonts are served with the appropriate cross-origin resource sharing http headers.
... white space characters in attribute values are normalized to spaces at parse time, so the original white space never makes it to the dom.
... comp.infosystems.www.authoring.html web authoring faq comp.infosystems.www.authoring.stylesheets faq ciwas stylesheet authoring faq comp.lang.javascript faq original document information author(s): henri sivonen (please, no authoring questions to this address.) last updated date: may 12, 2007 copyright information: henri sivonen ...

Installation guide
the build system of nss originated from netscape's build system, which predated the "configure; make; make test; make install" sequence that we're familiar with now.
...you can avoid that by installing the libraries in a directory that is $origin/../lib, where $origin is the directory where the programs are installed.
... this is done here: http://lxr.mozilla.org/security/sour...platlibs.mk#53 53 ifeq ($(os_arch), linux) 54 ifeq ($(use_64), 1) 55 extra_shared_libs += -wl,-rpath,'$$origin/../lib64:$$origin/../lib' 56 else 57 extra_shared_libs += -wl,-rpath,'$$origin/../lib' 58 endif 59 endif for example, if you install certutil in /foo/bar/nss/bin and the .so's in /foo/bar/nss/lib, then you only need to add /foo/bar/nss/bin to your path; you don't need to set ld_library_path.

Necko Architecture
architecture after a few iterations of our original design, the current necko architecture looks something like this: urls necko's primary responsibility is moving data from one location, to another location.
...once you have a url interface in hand (nsiurl), you have a completely parsed representation of the original url string, and you can query for the various parts of the url.
... dependencies necko requires the following libraries for linking: nspr xpcom original document information author(s): jud valeski last updated date: november 8, 1999 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

JS_GetArrayPrototype
this article covers features introduced in spidermonkey 24 retrieves the original, canonical array.prototype for an object's global object.
... description js_getarrayprototype() retrieves the original array.prototype of a specified object, obj.
... note: this expression might have different values over time if the global array property is modified, but this method returns only the original value.

JS_GetFunctionPrototype
this article covers features introduced in spidermonkey 17 retrieves the original, canonical function.prototype for an object's global object.
... description js_getfunctionprototype() retrieves the original function.prototype of a specified object, obj.
... note: this expression might have different values over time if the global function property is modified, but this method returns only the original value.

JS_GetObjectPrototype
this article covers features introduced in spidermonkey 17 retrieves the original, canonical object.prototype for an object's global object.
... description js_getobjectprototype() retrieves the original object.prototype of a specified object, obj.
... note: this expression might have different values over time if the global object property is modified, but this method returns only the original value.

Mozilla internal string guide
oo::getunicodevalue(nsacstring& result) { result.assignliteral("prefix:"); appendutf16toutf8(mlocalutf16value, result); } tonewutf8string(const nsastring&) - (avoid if possible) allocates and converts: void foo::getutf8value(char** result) { *result = tonewutf8string(mlocalutf16value); } latin1 / utf-16 conversion the following should only be used when you can guarantee that the original string is ascii or latin1 (in the sense that the byte value is the unicode scalar value; not in the windows-1252 sense).
...the nssubstringtuple object holds pointers to the original strings.
... original document information author: alec flett copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

XPCOM Stream Guide
if everything goes well, calling the stream's .finish() method overwrites the original file with the new file.
...(however, because baseinputstream is an * nsstringinputstream, it is also a seekable stream...so we could go to * the beginning if we wanted to.) */ var str1 = store.newinputstream(0); var d1 = new inputstream(str1); // d1 has a complete copy of baseinputstream's original contents.
... var d2 = new inputstream(store.newinputstream(0)); // d2 has a complete copy of baseinputstream's original contents.

nsIContentSecurityPolicy
irefox 4 / thunderbird 3.3 / seamonkey 2.1) method overview boolean permitsancestry(in nsidocshell docshell); void refinepolicy(in astring policystring, in nsiuri selfuri); void scanrequestdata(in nsihttpchannel achannel); void sendreports(in astring blockeduri, in astring violateddirective); short shouldload(in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetypeguess, in nsisupports aextra); short shouldprocess(in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetype, in nsisupports aextra); attributes attribute type description allowseval boolean whether this policy allows eval and eval-like functions such as settimeout("...
...short shouldload( in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetypeguess, in nsisupports aextra ); parameters acontenttype acontentlocation arequestorigin acontext amimetypeguess aextra return value shouldprocess() delegate method called by the service when sub-elements of the protected document are being processed.
...short shouldprocess( in unsigned long acontenttype, in nsiuri acontentlocation, in nsiuri arequestorigin, in nsisupports acontext, in acstring amimetype, in nsisupports aextra ); parameters acontenttype acontentlocation arequestorigin acontext amimetype aextra return value ...

nsICookieManager
it is implemented by the @mozilla.org/cookiemanager;1 component, but should generally be accessed via services.cookies method overview void remove(in autf8string ahost, in acstring aname, in autf8string apath, in boolean ablocked, in jsval aoriginattributes); void removeall(); attributes attribute type description enumerator nsisimpleenumerator called to enumerate through each cookie in the cookie list.
... void remove( in autf8string ahost, in acstring aname, in autf8string apath, in boolean ablocked, in jsval aoriginattributes ); parameters ahost the host or domain for which the cookie was set.
... aoriginattributes the originattributes of this cookie.

nsIDragSession
sourcedocument nsidomdocument the document where the drag was started, which will be null if the drag originated outside the application.
... useful for determining if a drop originated in the same document.
... sourcenode nsidomnode the dom node that was originally dragged to start the session, which will be null if the drag originated outside the application.

nsILoginInfo
nsilogininfo alogininfo); void init(in astring ahostname, in astring aformsubmiturl, in astring ahttprealm, in astring ausername, in astring apassword, in astring ausernamefield, in astring apasswordfield); boolean matches(in nsilogininfo alogininfo, in boolean ignorepassword); attributes attribute type description formsubmiturl astring the origin, not url, a form-based login was submitted to.
...forms with no action attribute default to submitting to their origin url, so that is stored here.
... hostname astring the origin, not hostname, to which the login applies (for example, "https://www.site.com").

nsIURIFixupInfo
fixeduri nsiuri the fixed-up original input, *never* using a keyword search.
... (may be null if the original input was broken as a url, e.g.
... originalinput autf8string the original input.

nsIWebBrowserChrome3
1.0 66 introduced gecko 2.0 inherits from: nsiwebbrowserchrome2 last changed in gecko 2.0 (firefox 4 / thunderbird 3.3 / seamonkey 2.1) method overview astring onbeforelinktraversal(in astring originaltarget, in nsiuri linkuri, in nsidomnode linknode, in prbool isapptab); methods onbeforelinktraversal() determines the appropriate target for a link.
... astring onbeforelinktraversal( in astring originaltarget, in nsiuri linkuri, in nsidomnode linknode, in prbool isapptab ); parameters originaltarget the original link target.
...otherwise returns originaltarget.

nsIWebBrowserPersist
persist_flags_fixup_original_dom 128 make changes to original dom rather than cloning nodes.
... persist_flags_fixup_links_to_destination 256 fix links relative to destination location (not origin) persist_flags_dont_fixup_links 512 do not make any adjustments to links.
...this flag may be used to preserve the original formatting as much as possible.

nsIXPConnect
returns an xpcnativewrapper, xpcsafejsobjectwrapper, or xpccrossoriginwrapper for the given object based on the principal, scope, and filename flags that are passed in.
... ascope the scope to be used in the event that we create an xpccrossoriginwrapper.
... wrap a jsval in a cross origin wrapper.

Mail composition back end
ns_imethod onstartcopy( nsisupports *listenerdata) = 0; - the nsisupports pointer passed in to the original copy operation onprogress the onprogress interface is called with progress notification for the copy operation.
... ns_imethod onprogress( pruint32 aprogress, - the progress so far pruint32 aprogressmax) = 0; - the maximum progress (aprogress should be used as a numerator and aprogressmax as a denominator for a message sent percentage) nsisupports *listenerdata) = 0; - the nsisupports pointer passed in to the original copy operation onstopcopy the onstopcopy interface is called when the copy operation has completed.
... ns_imethod onstopcopy( nsresult astatus, - the resulting status for the send operation nsisupports *listenerdata) = 0; - the nsisupports pointer passed in to the original copy operation copy operations there are various copy operations that can result as a part of message creation and delivery.

WebIDL bindings
[crossoriginreadable] used to flag an attribute that, when read, will not have the same-origin constraint tested: it can be read from a context with a different origin.
... [crossoriginwrite] used to flag an attribute that, when written, will not have the same-origin constraint tested: it can be written from a context with a different origin.
... [crossorigincallable] used to flag a method that, when called, will not have the same-origin constraint tested: it can be called from a context with a different origin.

Zombie compartments
roughly speaking, all memory used by javascript code that is from a particular origin (i.e.
......) compartment(http://platform.twitter.com/widgets/...utton.html?...) compartment(http://cdn.at.atwola.com/_media/uac/tcode3.html) compartment(https://s-static.ak.fbcdn.net/connec..._proxy.php?...) compartment(http://ads.tw.adsonar.com/adserving/getads.jsp?...) (some of those compartment urls are long and have been truncated.) another thing to beware is each compartment is created for an origin (e.g.
... so i'll end up with a compartment whose name doesn't match the only page open from that origin.

DOM Inspector FAQ - Firefox Developer Tools
these nodes are anonymous content nodes, meaning they are not in the dom generated by the original document.
... i see a lot of empty #text nodes that i don't see in the original document.
... original document information author(s): christopher aillon last updated date: november 11, 2003 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Source map errors - Firefox Developer Tools
source maps are json files providing a way to associate transformed sources, as seen by the browser, with their original sources, as written by the developer.
...typical error messages here are: syntaxerror: json.parse: unexpected character at line 1 column 1 of the json data error: "version" is a required argument original source missing an original source may be missing.
... you may encounter this when trying to open one of the original sources in the debugger.

UI Tour - Firefox Developer Tools
at the top level sources are organized by origin, and under that they're organized by the directory structure from which they are served.
... source maps: enabled by default, this option directs the debugger to load the original versions of files, and map them to the generated ones loaded in a page, to ease debugging of translformed sources.
... note: if you click step over (f10) after changing the selected line in the source pane, the debugger executes until reaching the line following the newly-selected line (disregarding whatever line the debugger originally stopped at).

Migrating from Firebug - Firefox Developer Tools
download firefox developer edition general activation firebug's activation is url based respecting the same origin policy.
... that means that when you open a page on the same origin in a different tab, firebug gets opened automatically.
... and when you open a page of a different origin in the same tab, it closes automatically.

Intensive JavaScript - Firefox Developer Tools
a.command == "done") { pointlesscomputationsbutton.disabled = false; console.log(message.data.primes); worker.removeeventlistener("message", handleworkercompletion); } } worker.addeventlistener("message", handleworkercompletion, false); worker.postmessage({ "multiplier": multiplier, "iterations": iterations }); } the main difference here, compared with the original, is that we need to: create a worker send it a message when we are ready to calculate listen for a message called "done", which indicates that the worker has finished.
...the code that actually performs the computations is exactly the same as the original code.
...compared with the original, each button-press is visible in the overview as two very short orange markers: the dopointlesscomputationsinworker() function that handles the click event and starts the worker's processing the handleworkercompletion() function that runs when the worker calls "done".

AuthenticatorResponse.clientDataJSON - Web APIs
the original value is passed via publickeycredentialrequestoptions.challenge or publickeycredentialcreationoptions.challenge.
... origin the fully qualified origin of the requester which has been given by the client/browser to the authenticator.
...n string.fromcharcode.apply(null, new uint8array(buf)); } // pk is a publickeycredential that is the result of a create() or get() promise var clientdatastr = arraybuffertostr(pk.clientdatajson); var clientdataobj = json.parse(clientdatastr); console.log(clientdataobj.type); // "webauthn.create" or "webauthn.get" console.log(clientdataobj.challenge); // base64 encoded string containing the original challenge console.log(clientdataobj.origin); // the window.origin specifications specification status comment web authentication: an api for accessing public key credentials level 1the definition of 'clientdatajson' in that specification.

CSSPseudoElement.element - Web APIs
the element read-only property of the csspseudoelement interface returns a reference to the originating element of the pseudo-element, in other words its parent element.
... syntax var originatingelement = csspseudoelement.element; value an element representing the pseudo-element's originating element.
... examples the example below demonstrates the relationship between csspseudoelement.element and element.pseudo(): const myelement = document.queryselector('q'); const csspseudoelement = myelement.pseudo('::after'); const originatingelement = csspseudoelement.element; console.log(myelement === originatingelement); // outputs true console.log(myelement.parentelement === originatingelement); // outputs false console.log(myelement.lastelementchild === csspseudoelement); // outputs false console.log(myelement.lastchild === csspseudoelement); // outputs false console.log(myelement.nextelementsibling === csspseudoelement); // outputs false console.log(myelement.nextsibling === csspseudoelement); // outputs false specifications specification status...

CSSStyleSheet.insertRule() - Web APIs
(function(sheet_proto){ var originalinsertrule = sheet_proto.insertrule; if (originalinsertrule.length === 2){ // 2 mandatory arguments: (selector, rules) sheet_proto.insertrule = function(selectorandrule){ // first, separate the selector from the rule a: for (var i=0, len=selectorandrule.length, isescaped=0, newcharcode=0; i !== len; ++i) { newcharcode = selectorandrule.charcodeat(i); if (!isesc...
... /*else*/ return originalinsertrule.call( this, // the sheet to be changed selectorandrule.substring(0, openbracketpos), // the selector selectorandrule.substring(closebracketpos), // the rule arguments[3] // the insert index ); } // works by if the char code is a backslash, then isescaped // gets flipped (xor-ed by 1), and if it is not a...
... backslash // then isescaped gets xored by itself, zeroing it isescaped ^= newcharcode===92?1:isescaped; // 92 = "\\".charcodeat(0) } // else, there is no unescaped bracket return originalinsertrule.call(this, selectorandrule, "", arguments[2]); }; } })(cssstylesheet.prototype); specifications specification status comment css object model (cssom)the definition of 'cssstylesheet.insertrule' in that specification.

Pixel manipulation with canvas - Web APIs
in the zoom canvas we resize a 10×10 pixel crop of the original canvas to 200×200.
... note: be aware that if the canvas contains any pixels that were obtained from another origin without using cors, the canvas is tainted and its contents can no longer be read and saved.
... see security and tainted canvases in allowing cross-origin use of images and canvas canvas.todataurl('image/png') default setting.

Clients.openWindow() - Web APIs
generally this value must be a url from the same origin as the calling script.
... return value a promise that resolves to a windowclient object if the url is from the same origin as the service worker or a null value otherwise.
... examples // send notification to os if applicable if (self.notification.permission === 'granted') { const notificationobject = { body: 'click here to view your messages.', data: { url: self.location.origin + '/some/path' }, // data: { url: 'http://example.com' }, }; self.registration.shownotification('you\'ve got messages!', notificationobject); } // notification click event listener self.addeventlistener('notificationclick', e => { // close the notification popout e.notification.close(); // get all the window clients e.waituntil(clients.matchall({ type: 'window' }).then(clientsarr => { // if a window tab matching the targeted url already exists, focus that; const hadwindowtofocus = clientsarr.some(windowclient => windowclient.url === e.notification.data.ur...

DOMMatrixReadOnly.flipX() - Web APIs
the flipx() method of the dommatrixreadonly interface creates a new matrix being the result of the original matrix flipped about the x-axis.
... syntax dommatrix.flipx() return value returns a dommatrix containing a new matrix being the result of the original matrix flipped about the x-axis, which is equivalent to multiplying the matrix by dommatrix(-1, 0, 0, 1, 0, 0).
... the original matrix is not modified.

DOMMatrixReadOnly.translate() - Web APIs
the translate() method of the dommatrixreadonly interface creates a new matrix being the result of the original matrix with a translation applied.
...the original matrix is not modified.
... examples this svg contains two squares, one red and one blue, each positioned at the document origin: <svg width="250" height="250" viewbox="0 0 50 50"> <rect width="25" height="25" fill="red" /> <rect id="transformed" width="25" height="25" fill="blue" /> </svg> the following javascript first creates an identity matrix, then uses the translate() method to create a new, translated matrix — which is then applied to the blue square as a transform.

Document.domain - Web APIs
the domain property of the document interface gets/sets the domain portion of the origin of the current document, as used by the same origin policy.
... if this property is successfully set, the port part of the origin is also set to null.
... syntax const domainstring = document.domain document.domain = domainstring value the domain portion of the current document's origin.

Element.tagName - Web APIs
the tag names of elements in an xml dom tree are returned in the same case in which they're written in the original xml file.
... example html <span id="born">when i was born...</span> javascript var span = document.getelementbyid("born"); console.log(span.tagname); in xhtml (or any other xml format), the original case will be maintained, so "span" would be output in case the original tag name was created lowercase.
... in html, "span" would be output instead regardless of the case used while creating the original document.

FeaturePolicy.allowsFeature() - Web APIs
syntax const allowed = featurepolicy.allowsfeature(<feature>) or const allowed = featurepolicy.allowsfeature(<feature>, <origin>) parameters feature name a specific feature name must be specified.
... origin name optional an origin url to check the feature on.
... if it is omitted the default origin is used.

FeaturePolicy.getAllowlistForFeature() - Web APIs
however, it will also return empty array, inditating that no origin is allowed to use the feature.
... example the followin example prints all the origins that are allowed to use camera api by the feature policy.
... // first, get the feature policy object const featurepolicy = document.featurepolicy // then query feature for specific const allowlist = featurepolicy.getallowlistforfeature("camera") for (const origin of allowlist){ console.log(origin) } specification specification status comment feature policythe definition of 'getallowlistforfeature' in that specification.

FileSystemEntry - Web APIs
you can use the filesystem: scheme on google chrome to see all the files and folders that are stored in the origin of your app.
... just use filesystem: scheme for the root directory of the origin of the app.
...chrome shows a read-only list of all the files and folders stored the origin of your app.

FileSystemEntrySync - Web APIs
you can use the filesystem: scheme on google chrome to see all the files and folders that are stored in the origin of your app.
... just use filesystem: scheme for the root directory of the origin of the app.
...chrome shows a read-only list of all the files and folders stored the origin of your app.

HTMLIFrameElement - Web APIs
htmliframeelement.allow is a list of origins the the frame is allowed to display content from.
... this attribute also accepts the values self and src which represent the origin in the iframe's src attribute.
... htmliframeelement.allowpaymentrequest is a boolean indicating whether the payment request api may be invoked inside a cross-origin iframe.

HTMLImageElement.referrerPolicy - Web APIs
"origin" meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port.
... "unsafe-url" meaning that the referrer will include the origin and the path (but not the fragment, password, or username).
... examples var img = new image(); img.src = 'img/logo.png'; img.referrerpolicy = 'origin'; var div = document.getelementbyid('divaround'); div.appendchild(img); // fetch the image using the origin as the referrer specifications specification status comment referrer policythe definition of 'referrerpolicy attribute' in that specification.

In depth: Microtasks and the JavaScript runtime environment - Web APIs
there are three types of event loop: window event loop the window event loop is the one that drives all of the windows sharing a similar origin (though there are further limits to this as described elsewhere in this article xxxx ????).
... several windows loaded from the same origin may be running on the same event loop, each queueing tasks onto the event loop so that their tasks take turns with the processor, one after another.
... there are specific circumstances in which this sharing of an event loop among windows with a common origin is possible, such as: if one window opened the other window, they are likely to be sharing an event loop.

Using IndexedDB - Web APIs
security indexeddb uses the same-origin principle, which means that it ties the store to the origin of the site that creates it (typically, this is the site domain or subdomain), so it cannot be accessed by any other origin.
...dy> <tr> <td> <label for="pub-file"> file image: </label> </td> <td> <input type="file" id="pub-file"/> </td> </tr> <tr> <td> <label for="pub-file-url"> online-file image url:<br/> <span class="note">(same origin url)</span> </label> </td> <td> <input type="text" id="pub-file-url" name="pub-file-url"/> </td> </tr> </tbody> </table> <div class="button-pane"> <input type="button" id="add-button" value="add publication" /> <input type="reset" id="register-form-reset"/> </div> </form> ...
...the resource behind this url is subjected to the * "same origin policy", thus for this method to work, the url must come from * the same origin as the web site/app this code is deployed on.

MouseEvent.pageX - Web APIs
originally, this property was defined as a long integer.
... this property was originally specified in the touch events specification as a long integer, but was redefined in the cssom view module to be a double-precision floating-point number to allow for subpixel precision.
... let's take a look at a simple example that shows you the mouse's position relative to the page's origin.

Notification.requestPermission() - Web APIs
the requestpermission() method of the notification interface requests permission from the user for the current origin to display notifications.
...possible values for this string are: granted denied default examples assume this basic html: <button onclick="notifyme()">notify me!</button> it's possible to send a notification as follows — here we present a fairly verbose and complete set of code you could use if you wanted to first check whether notifications are supported, then check if permission has been granted for the current origin to send notifications, then request permission if required, before then sending a notification.
...} we no longer show a live sample on this page, as chrome and firefox no longer allow notification permissions to be requested from cross-origin <iframe>s, with other browsers to follow.

PaymentRequestEvent - Web APIs
paymentrequestoriginread only returns the origin where the paymentrequest object was initialized.
... toporiginread only returns the top-level origin where the paymentrequest object was initialized.
... methods openwindow() opens the specified url in a new window, if and only if the given url is on the same origin as the calling page.

performance.now() - Web APIs
the returned value represents the time elapsed since the time origin.
... starting with firefox 79, high resolution timers can be used if you cross-origin isolate your document using the cross-origin-opener-policy and cross-origin-embedder-policy headers: cross-origin-opener-policy: same-origin cross-origin-embedder-policy: require-corp these headers ensure a top-level document does not share a browsing context group with cross-origin documents.
... coop process-isolates your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed xs-leaks.

PublicKeyCredentialRequestOptions.rpId - Web APIs
its value can only be a suffix of the current origin's domain.
...if it is not explicitely provided, the user agent will use the value of the current origin's domain.
...its value can only be a suffix of the current origin's domain.

RTCRtpSender.replaceTrack() - Web APIs
typeerror the new track's kind doesn't match the original track.
... the new track is a video track and its raw or pre-encoded state differs from that of the original track.
... the new track is an audio track with a different number of channels fom the original.

Request - Web APIs
request.context read only contains the context of the request (e.g., audio, image, iframe, etc.) request.credentials read only contains the credentials of the request (e.g., omit, same-origin, include).
... the default is same-origin.
... request.method read only contains the request's method (get, post, etc.) request.mode read only contains the mode of the request (e.g., cors, no-cors, same-origin, navigate.) request.redirect read only contains the mode for how redirects are handled.

Response.type - Web APIs
it can be one of the following: basic: normal, same origin response, with all headers exposed except “set-cookie” and “set-cookie2″.
... cors: response was received from a valid cross-origin request.
... opaque: response for “no-cors” request to cross-origin resource.

ServiceWorkerRegistration.getNotifications() - Web APIs
the getnotifications() method of the serviceworkerregistration interface returns a list of the notifications in the order that they were created from the current origin via the current service worker registration.
... origins can have many active but differently-scoped service worker registrations.
... notifications created by one service worker on the same origin will not be available to other active services workers on that same origin.

StorageManager.estimate() - Web APIs
the estimate() method of the storagemanager interface asks the storage manager for how much storage the current origin takes up (usage), and how much space is available (quota).
...this dictionary contains estimates of how much space is available to the origin in storageestimate.quota, as well as how much is currently used in storageestimate.usage.
... you may find that the quota varies from origin to origin.

Using the Storage Access API - Web APIs
the storage access api should be used by embedded cross-origin documents to verify whether they have access to their first-party storage and, if not, to request access.
... accessing a user's cookies in an embedded cross-origin iframe in this example we show how an embedded cross-origin <iframe> can access a user’s cookies under a storage access policy that blocks third-party cookies.
... first of all, if the <iframe> is sandboxed, the embedding website needs to add the allow-storage-access-by-user-activation sandbox token to allow storage access requests to be successful, along with allow-scripts and allow-same-origin to allow it to call the api, and execute in an origin that can have cookies: <iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"> ...

Streams API concepts - Web APIs
in javascript, this is achieved via the readablestream.tee() method — it outputs an array containing two identical copies of the original readable stream, which can then be read independently by two separate readers.
... the start of the pipe chain is called the original source, and the end is called the ultimate sink.
...when a stream later in the chain is still busy and isn't yet ready to accept more chunks, it sends a signal backwards through the chain to tell earlier transform streams (or the original source) to slow down delivery as appropriate so that you don't end up with a bottleneck anywhere.

VisualViewport - Web APIs
visualviewport.pageleft read only returns the x coordinate of the visual viewport relative to the initial containing block origin of the top edge in css pixels.
... visualviewport.pagetop read only returns the y coordinate of the visual viewport relative to the initial containing block origin of the top edge in css pixels.
... var bottombar = document.getelementbyid('bottombar'); var viewport = window.visualviewport; function viewporthandler() { var layoutviewport = document.getelementbyid('layoutviewport'); // since the bar is position: fixed we need to offset it by the visual // viewport's offset from the layout viewport origin.

WebGL model view projection - Web APIs
these composed matrices ultimately move the original model data around into a special coordinate space called clip space.
... the first matrix discussed below is the model matrix, which defines how you take your original model data and move it around in 3d world space.
...this is a handy way to represent a ray shooting off from the origin in a specific direction.

Movement, orientation, and motion: A WebXR example - Web APIs
the origin of the new space is located at the world coordinates specified by the viewerstartposition and its orientation set to cubeorientation.
... moving using the keyboard in order to allow the user to move through the 3d world even if they don't have a webxr device with the inputs to perform movement through space, our handler for keydown events, handlekeydown(), responds by updating offsets from the object's origin based on which key was pressed.
...verticaldistance, z: axialdistance}, {x: inverseorientation[0], y: inverseorientation[1], z: inverseorientation[2], w: inverseorientation[3]}); mat4.copy(mousematrix, newtransform.matrix); return refspace.getoffsetreferencespace(newtransform); } if all the input offsets are zero, we just return the original reference space.

WebXR Device API - Web APIs
the space's coordinate system has its origin at the a given physical position.
...unlike xrreferencespace, the origin must be located on the floor (that is, y = 0 at the floor).
... the x and z components of the origin are typically presumed to be located at or near the center of the room or surface.

Web Locks API - Web APIs
while held, no other script executing in the same origin can acquire the same lock, which allows a web app running in multiple tabs or workers to coordinate work and the use of resources.
... the api provides optional functionality that may be used as needed, including: returning values from the asynchronous task shared and exclusive lock modes conditional acquisition diagnostics to query the state of locks in an origin an escape hatch to protect against deadlocks locks are scoped to origins; the locks acquired by a tab from https://example.com have no effect on the locks acquired by a tab from https://example.org:8080 as they are separate origins.
... monitoring the navigator.locks.query() method can be used by scripts to introspect the state of the lock manager for the origin.

Using the Web Storage API - Web APIs
the two mechanisms within web storage are as follows: sessionstorage maintains a separate storage area for each given origin that's available for the duration of the page session (as long as the browser is open, including page reloads and restores).
...a different storage object is used for the sessionstorage and localstorage for each origin — they function and are controlled separately.
...ntent = e.key; document.queryselector('.my-old').textcontent = e.oldvalue; document.queryselector('.my-new').textcontent = e.newvalue; document.queryselector('.my-url').textcontent = e.url; document.queryselector('.my-storage').textcontent = json.stringify(e.storagearea); }); here we add an event listener to the window object that fires when the storage object associated with the current origin is changed.

Web Storage API - Web APIs
web storage concepts and usage the two mechanisms within web storage are as follows: sessionstorage maintains a separate storage area for each given origin that's available for the duration of the page session (as long as the browser is open, including page reloads and restores) stores data only for a session, meaning that the data is stored until the browser (or tab) is closed.
...a different storage object is used for the sessionstorage and localstorage for each origin — they function and are controlled separately.
... note: from firefox 45 onwards, when the browser crashes/restarts, the amount of data saved per origin is limited to 10mb.

WindowOrWorkerGlobalScope - Web APIs
windoworworkerglobalscope.crossoriginisolated read only returns a boolean value that indicates whether a sharedarraybuffer can be sent via a window.postmessage() call.
... windoworworkerglobalscope.origin read only returns the origin of the global scope, serialized as a string.
...optionally the source is cropped to the rectangle of pixels originating at (sx, sy) with width sw, and height sh.

XRInputSource.gripSpace - Web APIs
the read-only xrinputsource property gripspace returns an xrspace whose native origin tracks the pose used to render virtual objects so they appear to be held in (or part of) the user's hand.
... for example, if a user were holding a virtual straight rod, the native origin of this xrspace would be located at the approximate center of mass of the user's fist.
...the native origin of the grip space is located at the centroid—the center of mass—of the user's fist, tracking the position of the user's hand.

XRReferenceSpaceEvent - Web APIs
transform read only an xrrigidtransform object indicating the position and orientation of the specified referencespace's native origin after the event, defined relative to the coordinate system before the event.
... event types reset the reset event is sent to a reference space when its native origin is changed due to a discontinuity, recalibration, or device reset.
... this is an opportunity for your app to update any stored transforms, position/orientation information, or the like—or to dump any cached values based on the reference's space's origin so you can recompute them as needed.

XRSpace - Web APIs
the xrspace interface of the webxr device api is an abstract interface providing a common basis for every class which represents a virtual coordinate system within the virtual world, in which its origin corresponds to a physical location.
... numeric values such as pose positions are thus coordinates in the corresponding xrspace, relative to that space's origin.
...the origin of an xrboundedreferencespace is always at floor level, with its x and z coordinates typically defaulting to a location near the room's center.

XRViewport - Web APIs
x read only the offset from the origin of the destination graphics surface (typically a xrwebgllayer) to the left edge of the viewport, in pixels.
... y read only the offset from the origin of the viewport to the bottom edge of the viewport; webgl's coordinate system places (0, 0) at the bottom left corner of the surface.
...the precise orientation of the coordinate system may vary with other surface types, but in webgl, the origin (0, 0) is located at the bottom-left corner of the surface.

Variable fonts guide - CSS: Cascading Style Sheets
conversely, when a much larger size was being used (like 48 or 60px), there might be much greater variation in thick and thin stroke weights, showing the typeface design more in line with the original intent.
... while this was originally done to compensate for the ink and paper printing process (very thin lines at small sizes often didn’t print, giving the letterforms a broken appearance), it translates well to digital displays when compensating for screen quality and physical size rendering.
... resources w3c css fonts module 4 specification (editor’s draft) w3c github issue queue microsoft open type variations introduction microsoft opentype design-variation axis tag registry wakamai fondue (a site that will tell you what your font can do via a simple drag-and-drop inspection interface) axis praxis (the original variable fonts playground site) v-fonts.com (a catalog of variable fonts and where to get them) font playground (another playground for variable fonts with some very unique approaches to user interface) ...

Mozilla CSS extensions - CSS: Cascading Style Sheets
animation-iteration-count [prefixed version still accepted] -moz-animation-name [prefixed version still accepted] -moz-animation-play-state [prefixed version still accepted] -moz-animation-timing-function [prefixed version still accepted] -moz-appearance b -moz-backface-visibility [prefixed version still accepted] -moz-background-clipobsolete since gecko 2 -moz-background-originobsolete since gecko 2 -moz-background-inline-policyobsolete since gecko 32 [superseded by the standard version box-decoration-break] -moz-background-sizeobsolete since gecko 2 -moz-border-end [superseded by the standard version border-inline-end] -moz-border-end-color [superseded by the standard version border-inline-end-color] -moz-border-end-style [superseded by the standard version ...
...solete since gecko 1.9.2 -moz-outline-offsetobsolete since gecko 1.9.2 -moz-outline-styleobsolete since gecko 1.9.2 -moz-outline-widthobsolete since gecko 1.9.2 p -moz-padding-end [superseded by the standard version padding-inline-start] -moz-padding-start [superseded by the standard version padding-inline-end] -moz-perspective [prefixed version still accepted] -moz-perspective-origin [prefixed version still accepted] pointer-events [applying to more than svg] t–u -moz-tab-size -moz-text-align-lastobsolete since gecko 53 -moz-text-decoration-colorobsolete since gecko 39 -moz-text-decoration-lineobsolete since gecko 39 -moz-text-decoration-styleobsolete since gecko 39 -moz-text-size-adjust -moz-transform [prefixed version still accepted] -moz-transfor...
...m-origin [prefixed version still accepted] -moz-transform-style [prefixed version still accepted] -moz-transition [prefixed version still accepted] -moz-transition-delay [prefixed version still accepted] -moz-transition-duration [prefixed version still accepted] -moz-transition-property [prefixed version still accepted] -moz-transition-timing-function [prefixed version still accepted] -moz-user-select values global values -moz-initial -moz-appearance button button-arrow-down button-arrow-next button-arrow-previous button-arrow-up button-bevel checkbox checkbox-container checkbox-label checkmenuitem dialog groupbox listbox menuarrow menucheckbox menuimage menuitem menuitemtext menulist menulist-button menulist-text menulist-textfield men...

background-position - CSS: Cascading Style Sheets
the position is relative to the position layer set by background-origin.
...it also applies to ::first-letter and ::first-line.inheritednopercentagesrefer to the size of the background positioning area minus size of background image; size refers to the width for horizontal offsets and to the height for vertical offsetscomputed valuea list, each item consisting of two keywords representing the origin and two offsets from that origin, each given as an absolute length (if given a <length>), otherwise as a percentageanimation typerepeatable list of simple list of length, percentage, or calc formal syntax <bg-position>#where <bg-position> = [ [ left | center | right | top | bottom | <length-percentage> ] | [ left | center | right | <length-percentage> ] [ top | center | bottom | <length-percent...
... see also background-position-x background-position-y background-position-inline background-position-block using multiple backgrounds transform-origin ...

Getting Started - Developer guides
its predecessor originated in internet explorer as an activex object called xmlhttp.
... then, mozilla, safari, and other browsers followed, implementing an xmlhttprequest object that supported the methods and properties of microsoft's original activex object.
...however, let's say the server is going to return both the computed string and the original user data.

<input type="range"> - HTML: Hypertext Markup Language
.slider-wrapper { display: inline-block; width: 20px; height: 150px; padding: 0; } then comes the style information for the <input> element within the reserved space: .slider-wrapper input { width: 150px; height: 20px; margin: 0; transform-origin: 75px 75px; transform: rotate(-90deg); } the size of the control is set to be 150 pixels long by 20 pixels tall.
... the margins are set to 0 and the transform-origin is shifted to the middle of the space the slider rotates through; since the slider is configured to be 150 pixels wide, it rotates through a box which is 150 pixels on each side.
... offsetting the origin by 75px on each axis means we will rotate around the center of that space.

Preloading content with rel="preload" - HTML: Hypertext Markup Language
cross-origin fetches if you've got your sites' cors settings worked out properly, you can successfully preload cross-origin resources as long as you set a crossorigin attribute on your <link> element.
... one interesting case where this applies, even if the fetch is not cross-origin, is font files.
...you can see the full example source code on github (also see it live): <head> <meta charset="utf-8"> <title>web font example</title> <link rel="preload" href="fonts/cicle_fina-webfont.woff2" as="font" type="font/woff2" crossorigin> <link rel="preload" href="fonts/zantroke-webfont.woff2" as="font" type="font/woff2" crossorigin> <link href="style.css" rel="stylesheet"> </head> <body> … </body> not only are we providing the mime type hints in the type attributes, but we are also providing the crossorigin attribute to handle the cors issue.

HTTP authentication - HTTP
authentication of cross-origin images a potential security hole recently been fixed by browsers is authentication of cross-site images.
... from firefox 59 onwards, image resources loaded from different origins to the current document are no longer able to trigger http authentication dialogs (bug 1423146), preventing user credentials being stolen if attackers were able to embed an arbitrary image into a third-party page.
... bearer see rfc 6750, bearer tokens to access oauth 2.0-protected resources digest see rfc 7616, only md5 hashing is supported in firefox, see bug 472823 for sha encryption support hoba see rfc 7486, section 3, http origin-bound authentication, digital-signature-based mutual see rfc 8120 aws4-hmac-sha256 see aws docs basic authentication scheme the "basic" http authentication scheme is defined in rfc 7617, which transmits credentials as user id/password pairs, encoded using base64.

HTTP conditional requests - HTTP
for unsafe methods, like put, which usually uploads a document, the conditional request can be used to upload the document, only if the original it is based on is the same as that stored on the server.
...the client first reads the original files, modifies them, and finally pushes them to the server: unfortunately, things get a little inaccurate as soon as we take into account concurrency.
...if the etag doesn't match the original file, or if the file has been modified since it has been obtained, the change is simply rejected with a 412 precondition failed error.

CSP: sandbox - HTTP
it applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy.
... allow-same-origin allows the content to be treated as being from its normal origin.
... if this keyword is not used, the embedded content is treated as being from a unique origin.

X-Forwarded-For - HTTP
the x-forwarded-for (xff) header is a de-facto standard header for identifying the originating ip address of a client connecting to a web server through an http proxy or a load balancer.
...to see the original ip address of the client, the x-forwarded-for request header is used.
...this means, the right-most ip address is the ip address of the most recent proxy and the left-most ip address is the ip address of the originating client.

OPTIONS - HTTP
options /resources/post-here/ http/1.1 host: bar.example accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-us,en;q=0.5 accept-encoding: gzip,deflate connection: keep-alive origin: https://foo.example access-control-request-method: post access-control-request-headers: x-pingother, content-type the server now can respond if it will accept a request under these circumstances.
... in this example, the server response says that: access-control-allow-origin the https://foo.example origin is permitted to request the bar.example/resources/post-here/ url via the following: access-control-allow-methods post, get, and options are permitted methods for the url.
... http/1.1 204 no content date: mon, 01 dec 2008 01:15:39 gmt server: apache/2.0.61 (unix) access-control-allow-origin: https://foo.example access-control-allow-methods: post, get, options access-control-allow-headers: x-pingother, content-type access-control-max-age: 86400 vary: accept-encoding, origin keep-alive: timeout=2, max=100 connection: keep-alive specifications specification title rfc 7231, section 4.3.7: options hypertext transfer protocol (http/1.1): semantics and content...

Network Error Logging - HTTP
usage web applications opt in to this behaviour with the nel header, which is a json-encoded object: nel: { "report_to": "nel", "max_age": 31556952 } an origin considered secure by the browser is required.
... include_subdomains if true, the policy applies to all subdomains under the origin that the policy header is set.
...servfail) dns.address_changed for security reasons, if the server ip address that delivered the original report is different to the current server ip address at time of error generation, the report data will be downgraded to only include information about this problem and the type set to dns.address_changed.

HTTP resources and specifications - HTTP
proposed standard rfc 7235 hypertext transfer protocol (http/1.1): authentication proposed standard rfc 6265 http state management mechanism defines cookies proposed standard draft spec cookie prefixes ietf draft draft spec same-site cookies ietf draft draft spec deprecate modification of 'secure' cookies from non-secure origins ietf draft rfc 2145 use and interpretation of http version numbers informational rfc 6585 additional http status codes proposed standard rfc 7538 the hypertext transfer protocol status code 308 (permanent redirect) proposed standard rfc 7725 an http status code to report legal obstacles on the standard track rfc 2397 the ...
... proposed standard rfc 6454 the web origin concept proposed standard fetchthe definition of 'cors' in that specification.
... cross-origin resource sharing living standard rfc 7034 http header field x-frame-options informational rfc 6797 http strict transport security (hsts) proposed standard upgrade insecure requests upgrade insecure requests candidate recommendation content security policy 1.0 content security policy 1.0 csp 1.1 and csp 3.0 doesn't extend the http standard obsolete microsoft document specifying legacy document modes* defines x-ua-compatible note rfc 5689 http extensions for web distributed authoring and versioning (webdav) these extensions of the web, as well as carddav and caldav, are out-of-scope for http on the web.

HTTP
cross-origin resource sharing (cors) cross-site http requests are http requests for resources from a different domain than the domain of the resource making the request.
...custom proprietary headers can be added using the x- prefix; others in an iana registry, whose original content was defined in rfc 4229.
...with a few exceptions, policies mostly involve specifying server origins and script endpoints.

Memory Management - JavaScript
x = 1; // now, the object that was originally in 'x' has a unique reference // embodied by the 'y' variable.
... y = 'mozilla'; // the object that was originally in 'x' has now zero // references to it.
... z = null; // the 'a' property of the object originally in x // has zero references to it.

Promise - JavaScript
instance methods promise.prototype.catch() appends a rejection handler callback to the promise, and returns a new promise resolving to the return value of the callback if it is called, or to its original fulfillment value if the promise is instead fulfilled.
... promise.prototype.then() appends fulfillment and rejection handlers to the promise, and returns a new promise resolving to the return value of the called handler, or to its original settled value if the promise was not handled (i.e.
... promise.prototype.finally() appends a handler to the promise, and returns a new promise that is resolved when the original promise is resolved.

Proxy - JavaScript
description a proxy is created with two parameters: target: the original object which you want to proxy handler: an object that defines which operations will be intercepted and how to redefine intercepted operations.
... for example, this code defines a simple target with just two properties, and an even simpler handler with no properties: const target = { message1: "hello", message2: "everyone" }; const handler1 = {}; const proxy1 = new proxy(target, handler1); because the handler is empty, this proxy behaves just like the original target: console.log(proxy1.message1); // hello console.log(proxy1.message2); // everyone to customise the proxy, we define functions on the handler object: const target = { message1: "hello", message2: "everyone" }; const handler2 = { get: function(target, prop, receiver) { return "world"; } }; const proxy2 = new proxy(target, handler2); here we've provided an implementation of the get() handler, which intercepts attempts to access properties in the tar...
...the very simple trap in handler2 above redefines all property accessors: console.log(proxy2.message1); // world console.log(proxy2.message2); // world with the help of the reflect class we can give some accessors the original behavior and redefine others: const target = { message1: "hello", message2: "everyone" }; const handler3 = { get: function (target, prop, receiver) { if (prop === "message2") { return "world"; } return reflect.get(...arguments); }, }; const proxy3 = new proxy(target, handler3); console.log(proxy3.message1); // hello console.log(proxy3.message2); // world constructor proxy() creates a new proxy object.

Autoplay guide for media and Web Audio APIs - Web media technologies
you can also specify 'none' to disable autoplay entirely, '*' to allow autoplay from all domains, or one or more specific origins from which media can be automatically played.
... these origins are separated by space characters.
... example: allowing autoplay only from the document's domain to use the feature-policy header to only allow media to autoplay from the document's origin: feature-policy: autoplay 'self' to do the same for an <iframe>: <iframe src="mediaplayer.html" allow="autoplay 'src'"> </iframe> example: allowing autoplay and fullscreen mode adding fullscreen api permission to the previous example results in a feature-policy header like the following if fullscreen access is allowed regardless of the domain; a domain restriction can be added as we...

d - SVG: Scalable Vector Graphics
value <string> default value none animatable yes note: the point of origin (the coordinate 0,0) is usually the upper left corner of the context.
... however the <glyph> element has its origin in the bottom left corner of its letterbox.
... note: the appearance of a shape closed with closepath may be different to that of one closed by drawing a line to the origin, using one of the other commands, because the line ends are joined together (according to the stroke-linejoin setting), rather than just being placed at the same coordinates.

Web security
robots.txt to be written site maps to be written integrity same-origin policy the same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin.
... http access-control-allow-origin the access-control-allow-origin response header indicates whether the response can be shared with requesting code from the given origin.
...ryptographic hash function cryptography csp csrf decryption digital certificate dtls encryption forbidden header name forbidden response header name hash hmac hpkp hsts https key mitm owasp preflight request public-key cryptography reporting directive robots.txt same-origin policy session hijacking sql injection symmetric-key cryptography tofu tls ...

Transforming XML with XSLT - XSLT: Extensible Stylesheet Language Transformations
built from the ground up utilizing a wide variety of xml technologies, firefox incorporates within itself all of the mechanisms needed to process both original xml documents and the specialized stylesheets used to style and lay them out for html display, reducing server load with client-side processing.
...ed) substring() (supported) substring-after() (supported) substring-before() (supported) sum() (supported) system-property() (supported) translate() (supported) true() (supported) unparsed-entity-url() (not supported) for further reading books online the world wide web consortium portals articles tutorials/examples mailing lists/newsgroups resources index original document information copyright information: copyright © 2001-2003 netscape.
... note: this reprinted article was originally part of the devedge site.

Communicating With Other Scripts - Archive of obsolete content
age script", "http://my-domain.org/"); } </script> <button onclick="sendmessage()">send message</button> </body> </html> finally, the content script "listen.js" uses window.addeventlistener() to listen for messages from the page script: // listen.js window.addeventlistener('message', function(event) { console.log(event.data); // message from page script console.log(event.origin); }, false); using postmessage() before firefox 31 if your add-on is running in a version of firefox before firefox 31, then your content script can't access the postmessage() or addeventlistener() apis using window, but must access them using document.defaultview instead.
... so the content scripts in the above examples need to be rewritten like this: // content-script.js document.defaultview.postmessage("message from content script", "http://my-domain.org/"); // content-script.js document.defaultview.addeventlistener('message', function(event) { console.log(event.data); // message from page script console.log(event.origin); }, false); using custom dom events as an alternative to using postmessage() you can use custom dom events to communicate between page scripts and content scripts.

Interacting with page scripts - Archive of obsolete content
age script", "http://my-domain.org/"); } </script> <button onclick="sendmessage()">send message</button> </body> </html> finally, the content script "listen.js" uses window.addeventlistener() to listen for messages from the page script: // listen.js window.addeventlistener('message', function(event) { console.log(event.data); // message from page script console.log(event.origin); }, false); postmessage() before firefox 31 if your add-on is running in a version of firefox before firefox 31, then your content script can't access the postmessage() or addeventlistener() apis using window, but must access them using document.defaultview instead.
... so the content scripts in the above examples need to be rewritten like this: // talk.js document.defaultview.postmessage("message from content script", "http://my-domain.org/"); // listen.js document.defaultview.addeventlistener('message', function(event) { console.log(event.data); // message from page script console.log(event.origin); }, false); using custom dom events as an alternative to using postmessage() you can use custom dom events to communicate between page scripts and content scripts.

url - Archive of obsolete content
origin the canonical form of the origin for this url, as a string.
... mirrors window.location.origin.

Creating annotations - Archive of obsolete content
it is initially off: var matchedelement = null; var originalbgcolor = null; var active = false; function resetmatchedelement() { if (matchedelement) { (matchedelement).css('background-color', originalbgcolor); (matchedelement).unbind('click.annotator'); } } self.on('message', function onmessage(activation) { active = activation; if (!active) { resetmatchedelement(); } }); this selector listens for occurrences of the jquery mousee...
... $('*').mouseenter(function() { if (!active || $(this).hasclass('annotated')) { return; } resetmatchedelement(); ancestor = $(this).closest("[id]"); matchedelement = $(this).first(); originalbgcolor = $(matchedelement).css('background-color'); $(matchedelement).css('background-color', 'yellow'); $(matchedelement).bind('click.annotator', function(event) { event.stoppropagation(); event.preventdefault(); self.port.emit('show', [ document.location.tostring(), $(ancestor).attr("id"), $(matchedelement).text() ] ); }); }); converse...

HTML to DOM - Archive of obsolete content
me.webnavigation.allowauth = false; frame.webnavigation.allowimages = false; frame.webnavigation.allowjavascript = false; frame.webnavigation.allowmetaredirects = true; frame.webnavigation.allowplugins = false; frame.webnavigation.allowsubframes = false; // listen for load frame.addeventlistener("load", function (event) { // the document of the html in the dom var doc = event.originaltarget; // skip blank page or frame if (doc.location.href == "about:blank" || doc.defaultview.frameelement) return; // do something with the dom of doc alert(doc.location.href); // when done remove frame or set location "about:blank" settimeout(function (){ var frame = document.getelementbyid("sample-frame"); // remove frame // frame.destroy(); // i...
...let's take a look at the donkeyfire.donkeybrowser_onpageload() handler: donkeybrowser_onpageload: function(aevent) { var doc = aevent.originaltarget; var url = doc.location.href; if (aevent.originaltarget.nodename == "#document") { // ok, it's a real page, let's do our magic dump("[df] url = "+url+"\n"); var text = doc.evaluate("/html/body/h1",doc,null,xpathresult.string_type,null).stringvalue; dump("[df] text in /html/body/h1 = "+text+"\n"); } }, as you can see, we obtain full access to the dom of the page we loaded in bac...

LookupPrefix - Archive of obsolete content
de if (node.ownerelement) { return _lookupnamespaceprefix(namespaceuri, node.ownerelement); } return null; default: if (node.parentnode) { // entityreferences may have to be skipped to get to it return _lookupnamespaceprefix(namespaceuri, node.parentnode); } return null; } } // private function for lookupprefix only function _lookupnamespaceprefix (namespaceuri, originalelement) { var xmlnspattern = /^xmlns:(.*)$/; if (originalelement.namespaceuri && originalelement.namespaceuri === namespaceuri && originalelement.prefix && originalelement.lookupnamespaceuri(originalelement.prefix) === namespaceuri) { return originalelement.prefix; } if (originalelement.attributes && originalelement.attributes.length) { for (var i=0; i < originalelement.attributes.le...
...ngth; i++) { var att = originalelement.attributes[i]; xmlnspattern.lastindex = 0; var localname = att.localname || att.name.substr(att.name.indexof(':')+1); // latter test for ie which doesn't support localname if (localname.indexof(':') !== -1) { // for firefox when in html mode localname = localname.substr(att.name.indexof(':')+1); } if ( xmlnspattern.test(att.name) && att.value === namespaceuri && lookupnamespaceuri(originalelement, localname) === namespaceuri ) { return localname; } } } if (originalelement.parentnode) { // entityreferences may have to be skipped to get to it return _lookupnamespaceprefix(namespaceuri, originalelement.parentnode); } return null; } ...

Enhanced Extension Installation - Archive of obsolete content
if the item is determined compatible by either of the above processes, a copy of the item's file is staged into the install location directory under a hierarchy like so: <staged-xpis>/guid/foo.xpi (where foo.xpi is the original file name of the file) since xpinstall cleans up the file it supplies when the install function returns.
... original document information author(s): ben goodger last updated date: april 18, 2005 copyright information: copyright (c) ben goodger ...

How to convert an overlay extension to restartless - Archive of obsolete content
this tutorial was originally written by dave garrett from his experience porting the flagfox extension.
... further reading author original article.

Chapter 1: Introduction to Extensions - Archive of obsolete content
this document was authored by hideyuki emura and was originally published in japanese for the firefox developers conference summer 2007.
... 1 one of the authors of this special edition, piro, is world-famous as one of the original developers.

Chapter 5: Let's build a Firefox extension - Archive of obsolete content
« previousnext » this document was authored by taiga (gomita) gomibuchi and was originally published in japanese for the firefox developers conference summer 2007.
...lines 7–9 use the nslsessionstore interface’s setwindowstate method to restore the session, using the current window as an origin point.

Custom XUL Elements with XBL - Archive of obsolete content
all you need to do is match the names of the originals.
... all methods and properties that are not overriden will maintain their original behavior.

Session store API - Archive of obsolete content
if your extension wants to be able to restore data when tabs are restored, you can install a listener like this: function myextensionhandlerestore(aevent) { var tab = event.originaltarget; /* the tab being restored */ var uri = tab.linkedbrowser.contentdocument.location; /* the tab's uri */ components.classes["@mozilla.org/consoleservice;1"] .getservice(components.interfaces.nsiconsoleservice) .logstringmessage("restoring tab: " + uri); }; document.addeventlistener("sstabrestoring", myextensionhandlerestore, false); simply replace the...
...you can determine which tab is being restored by looking at the event's originaltarget field.

Search Extension Tutorial (Draft) - Archive of obsolete content
var defaultprefs = services.prefs.getdefaultbranch(""); // save the original values.
... if (localized) value = "data:text/plain," + encodeuricomponent(name + "=" + value.replace(/ /g, "\\u0020")); // save the original and new values.

Add-ons - Archive of obsolete content
firefox addons developer guide the original document is in japanese and distributed via the xuldev.org website.
...this functionality originally appeared in firefox mobile and is now available in firefox on the desktop as well.

Case Sensitivity in class and id Names - Archive of obsolete content
related links html 4.01, section 7.5.2 html 4.01, section 12.2.3 original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

Index of archived content - Archive of obsolete content
ui pydom rdf api rdf datasource how-to reading textual data remote xul remote debugging rsyncing the cvs repository running windows debug builds downloaded from tinderbox sxsw 2007 presentations safe browsing safe browsing: design documentation safely loading uris same origin policy for xbl space manager detailed design space manager high level design standalone xpcom standard makefile header static analysis for windows code under linux stress testing string quick reference string rosetta stone structure of an installable bundle supporting per-window private browsing ...
...efining cross-browser tooltips environment variables affecting crash reporting io guide images, tables, and mysterious gaps installing plugins to gecko embedding browsers on windows mcd, mission control desktop, aka autoconfig monitoring wifi access points no proxy for configuration notes on html reflow same-origin policy for file: uris source navigator source code directories overview using xml data islands in mozilla using content preferences visualizing an audio spectrum working with bfcache cert_override.txt mozilla release faq newsgroup summaries format mozill...

Autodial for Windows NT - Archive of obsolete content
origin of the bug before the implementation of the autodial helper feature, mozilla would trigger the autodial feature on nt-based operating systems, but only if certain conditions are met.
... original document information author(s): benjamin chuang last updated date: october 2, 2002 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Getting Started - Archive of obsolete content
remember if at any point you wish to revert back to the original code again, just extract this jar over top of what you've modified.
...delete the bolded text: original skin,install,url,jar:resource:/chrome/classic.jar!/skin/classic/global/ modified skin,install,url,resource:/chrome/classic/skin/classic/global/ once you have made these modifications, save them and run mozilla.

Creating a Skin for Mozilla - Archive of obsolete content
organizing images adding an image to the right of a toolbar jar file installer utility (provided by neil marshall) frequently asked questions links original document information author: neil marshall other contributors (suggestions/corrections): brent marshall, cdn (http://themes.mozdev.org), jp martin, boris zbarsky, asa dotzler, wesayso, david james, dan mauch last updated date: jan 5th, 2003 copyright information: copyright 2002-2003 neil marshall, permission given to devmo to migrate into the wiki april 2005 via email.
... original location: http://www.eightlines.com/neil/mozskin ...

Dehydra Object Reference - Archive of obsolete content
.typedef type object if this is a typedef, the original type.
...the variantof property allows access to the original type object.

Drag and Drop JavaScript Wrapper - Archive of obsolete content
it takes three arguments, the event object as was originally passed to the event handler, the data to drag and the type of drag action.
... « previousnext » original document information author(s): neil deakin original document: http://xulplanet.com/tutorials/mozsdk/dragwrap.php copyright information: copyright (c) neil deakin ...

jspage - Archive of obsolete content
c){if(c==null){for(var e in a){object.reset(a,e); }return a;}delete a[c];switch($type(a[c])){case"object":var d=function(){};d.prototype=a[c];var b=new d;a[c]=object.reset(b);break;case"array":a[c]=$unlink(a[c]); break;}return a;};new native({name:"class",initialize:class}).extend({instantiate:function(b){b._prototyping=true;var a=new b;delete b._prototyping;return a; },wrap:function(a,b,c){if(c._origin){c=c._origin;}return function(){if(c._protected&&this._current==null){throw new error('the method "'+b+'" cannot be called.'); }var e=this.caller,f=this._current;this.caller=f;this._current=arguments.callee;var d=c.apply(this,arguments);this._current=f;this.caller=e;return d;}.extend({_owner:a,_origin:c,_name:b}); }});class.implement({implement:function(a,d){if($type(a)=="object"){for(var e in a)...
..."toggle");switch(c){case"in":e.start(d,1);break;case"out":e.start(d,0);break;case"show":e.set(d,1);break;case"hide":e.set(d,0);break;case"toggle":var b=this.retrieve("fade:flag",this.get("opacity")==1); e.start(d,(b)?0:1);this.store("fade:flag",!b);a=true;break;default:e.start(d,arguments);}if(!a){this.eliminate("fade:flag");}return this;},highlight:function(c,a){if(!a){a=this.retrieve("highlight:original",this.getstyle("background-color")); a=(a=="transparent")?"#fff":a;}var b=this.get("tween");b.start("background-color",c||"#ffff88",a).chain(function(){this.setstyle("background-color",this.retrieve("highlight:original")); b.callchain();}.bind(this));return this;}});fx.morph=new class({extends:fx.css,initialize:function(b,a){this.element=this.subject=document.id(b);this.parent(a); },set:functio...

Makefile.mozextension.2 - Archive of obsolete content
note that the original makefile.mozextention merely repeats the steps in getting started with extension development - mozillazine knowledge base (2008).
...then again if you do that, all of the < > will be quoted as & lt ; so again it will be corrupt :( therefore, here is a direct link to this makefile: makefile.mozextension2 ## file: makefile.mozextension2 ## based on http://kb.mozillazine.org/makefile_for_packaging_an_extension ## "this makefile.mozextention is for the test extension" ## the original makefile.mozextention reconstructs http://kb.mozillazine.org/getting_started_with_extension_development # call with: # make -f makefile.mozextension2 make_structure ## (without args for 'all') # note: @echo silent; without @ the command is written in stdout project=test project_name=testworld #~ project_id={xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} project_id=test@testworld.ext project_versio...

Plug-n-Hack Phase1 - Archive of obsolete content
for testing); plug-n-hack requires tool and service manifests to be served from the same origin as the api endpoints but, for testing purposes, ringleader (the firefox addon implementation of the browser component) allows you to set a preference to relax or disable origin checks.
... the preference is ringleader.check.origin this can be set to 'off' to disble origin checks completely, or 'noport' to disable only port checks.

Supporting per-window private browsing - Archive of obsolete content
you can then take action based on this value, as any data or actions originating from this window should be considered private.
...in some cases, there is no logical window object to use (such as when data or an action originate from some other source than web content).

Abc Assembler Tests - Archive of obsolete content
* * the original code is [open source virtual machine.].
... * * the initial developer of the original code is * adobe system incorporated.

Tamarin Acceptance Test Template - Archive of obsolete content
* * the original code is [open source virtual machine.].
... * * the initial developer of the original code is * adobe system incorporated.

URIs and URLs - Archive of obsolete content
gateways, proxies, caches, and name resolution services might be used to access some resources, independent of the protocol of their origin, and the resolution of some url may require the use of more than one protocol (e.g., both dns and http are typically used to access an "http" url's resource when it can't be found in a local cache).
... original document information author(s): andreas otte last updated date: january 2, 2002 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Example Sticky Notes - Archive of obsolete content
the position of the original content is indicated by <children/> tag.
... mouse events sent to bindings are refactored, so event.target / event.relatedtarget always points to the bound element, even if it was originated to/from a child.

popupalign - Archive of obsolete content
the top right cornerbottomleftalign to the bottom left cornerbottomrightalign to the bottom right cornersyntax<element popupalign="none | topleft | topright | bottomleft | bottomright"/> example<element id="edit-context" popup="editor-popup" popupanchor="topleft" popupalign="bottomright"/> notesthe popupalign attribute can be used to specify which corner of the popup content is tied to the originating point.
...this point (either directly under the mouse or attached to one of the four corners) is called the originating point.

Additional Navigation - Archive of obsolete content
for instance, in the original example, we could start at node d and navigate upwards to a and c.
...this is the way that the template system was originaly designed to be used and many of the datasources used by firefox and other mozilla products work with datasources in this way.

Textbox (XPFE autocomplete) - Archive of obsolete content
ontextrevert obsolete since gecko 1.9.1 type: script code note: applies to: thunderbird, seamonkey this event handler is called when the user presses escape to revert the textbox to its original uncompleted value.
... ontextreverted new in thunderbird 3requires seamonkey 2.0 type: script code this event handler is called when the user presses escape to revert the textbox to its original uncompleted value.

Complete - Archive of obsolete content
features of this extension this extension is a more complex version of the original custom toolbar button extension.
...for example, chrome.manifest originally had: content custombutton chrome/ now it has: content allcustom jar:chrome/allcustom.jar!/content/allcustom/ you can see the other changes if you unpack the xpi.

XUL Tutorial - Archive of obsolete content
ding properties adding methods adding event handlers xbl inheritance creating reusable content using css and xbl xbl example specialized window types features of a window creating dialogs open and save dialogs creating a wizard more wizards overlays cross package overlays installation creating an installer install scripts additional install features this xul tutorial was originally created by neil deakin.
... original document information author: neil deakin copyright information: © 1999-2005 xulplanet.com ...

XUL Event Propagation - Archive of obsolete content
event bubbling this availability of events in places other than their element of origin is known as "event propagation" or event bubbling.
... original author: ian oeschger other documents: w3c dom events, mozilla xul events original document information author(s): ian oeschger last updated date: january 18, 2002 copyright information: copyright (c) ian oeschger ...

XUL - Archive of obsolete content
xul tutorial a guided tutorial that will help you get started with xul, originally from xulplanet.
... documentation xul tutorial a guided tutorial that will help you get started with xul, originally from xulplanet.

NPN_GetValue - Archive of obsolete content
npnvdocumentorigin: the value for this variable is the unicode serialization of the origin converted to nfkc-encoded (normalized) utf-8.
...for more information, see the document origin specification.

NPWindow - Archive of obsolete content
x, y the x and y coordinates for the top left corner of the plug-in relative to the page (and thus relative to the origin of the drawable).
... cliprect clipping rectangle of the plug-in; the origin is the top left corner of the drawable or window.

What is RSS - Archive of obsolete content
this version of rss was no longer purely xml-based, but was rdf-based (like the original and now deprecated rss 0.90).
...in november 2002 and again in january 2003, rss 2.0 was changed from its original specification by userland.

Security Controls - Archive of obsolete content
original document information author(s): u.s.
... original document information author(s): karen scarfone, wayne jansen, and miles tracy title: nist special publication 800-123, guide to general server security last updated date: july 2008 copyright information: this document is not subject to copyright.

Encryption and Decryption - Archive of obsolete content
a person with an unauthorized symmetric key not only can decrypt messages sent with that key, but can encrypt new messages and send them as if they came from one of the two parties who were originally using the key.
... original document information author(s): ella deon lackey last updated date: 2012 copyright information: © 2012 red hat, inc.

Creating a Skin for Firefox - Archive of obsolete content
contents getting started original document information author(s): neil marshall and tucker lee other contributors: brent marshall, cdn (http://themes.mozdev.org), jp martin, boris zbarsky, asa dotzler, wesayso, david james, dan mauch, anders conbere, tim regula (http://www.igraphics.nn.cx) copyright information: copyright 2002-2003 neil marshall, permission given to mdc to migrate into the wiki april 2005 via email.
... original location: http://www.eightlines.com/neil/mozskin ...

Browser Feature Detection - Archive of obsolete content
generatereport(document, 'domhtml', 'document'); generatereport(document.body.style, 'domcss1', 'document.body.style'); generatereport(document.body.style, 'domcss2', 'document.body.style'); window.onerror = oldonerror; see also browser detection and cross browser support comparison of layout engines web specifications supported in opera 9 what's new in internet explorer 7 (script) original document information author(s): (unknown) last updated date: updated march 16, 2003 copyright information: copyright © 2001-2003 netscape.
... note: this reprinted article was originally part of the devedge site.

::-ms-browse - Archive of obsolete content
-ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-browse example html <label>select image: <input type="file"></label> css input[type="file"]::-ms-browse { color: red; background-color: yellow; } result output example specifications not part of any specification.

::-ms-check - Archive of obsolete content
-ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-check example html <form> <label for="redbutton">red</label> <input type="radio" id="redbutton"><br> <label for="greencheckbox">green</label> <input type="checkbox" id="greencheckbox"> </form> css input, label { display: inline; } input[type=radio]::-ms-check { border-color: red; /* this will make the border red when the button is checked.

::-ms-clear - Archive of obsolete content
-ms-high-contrast-adjust background-clip background-color background-image background-origin background-position-x background-position-y background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-s...
...tyle border-top-width box-shadow box-sizing color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-clear example html <form> <label for="firstname">first name:</label> <input type="text" id="firstname" name="firstname" placeholder="first name"> <br> <label for="lastname">last name:</label> <input type="text" id="lastname" name="lastname" placeholder="second name"> </form> css input, label { display: block; } input[type=text]::-ms-clear { color: red; /* this sets the cross color as red.

::-ms-expand - Archive of obsolete content
-ms-high-contrast-adjust background-clip background-color background-image background-origin background-position-x background-position-y background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-s...
...tyle border-top-width box-shadow box-sizing color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-clear specifications not part of any specification.

::-ms-fill-lower - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width specifications not part of any specification.

::-ms-fill-upper - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-fill-upper specifications not part of any specification.

::-ms-reveal - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-reveal specifications not part of any specification.

::-ms-thumb - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-thumb specifications not part of any specification.

::-ms-ticks-after - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-ticks-after ...

::-ms-ticks-before - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-ticks-before ...

::-ms-track - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing...
... color cursor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-track see also ::-ms-thumb ::-ms-fill-upper ::-ms-fill-lower ::-webkit-slider-runnable-track ::-moz-range-track css-tricks: styling cross-browser compatible range inputs with css quirksmode: styling and scripting sliders ...

::-ms-value - Archive of obsolete content
background-clip background-color background-image background-origin background-repeat background-size border-bottom-color border-bottom-left-radius border-bottom-right-radius border-bottom-style border-bottom-width border-left-color border-left-style border-left-width border-right-color border-right-style border-right-width border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width box-shadow box-sizing color cu...
...rsor display (values block, inline-block, none) @font-face font-size font-style font-weight height margin-bottom margin-left margin-right margin-top -ms-background-position-x -ms-background-position-y -ms-high-contrast-adjust opacity outline-color outline-style outline-width padding-bottom padding-left padding-right padding-top transform transform-origin visibility width syntax ::-ms-value example input::-ms-value { color: lime; font-style: italic; } to disable the default styling: select::-ms-value { background-color: transparent; color: inherit; } specifications not part of any specification.

-moz-maemo-classic - Archive of obsolete content
the -moz-maemo-classic gecko-only css media feature can be used to apply styles based on whether the user agent is using the original maemo theme.
... syntax <integer> if the user agent is using maemo with the original theme, this is 1.

Back to the Server: Server-Side JavaScript On The Rise - Archive of obsolete content
full circle if you were part of the early web's big bang in the mid-1990s you might recall that being able to use javascript both client-side and server-side was core to netscape's original vision for web apps.
... conclusion javascript can be successfully used for full application development on both the client and server, fulfilling netscape's original vision for a single, unified language for the web that makes apps easier to develop and maintain.

Fixing Incorrectly Sized List Item Markers - Archive of obsolete content
related links bug 110360 bug 97351 original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

Fixing Table Inheritance in Quirks Mode - Archive of obsolete content
related resources mozilla's doctype sniffing original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

Issues Arising From Arbitrary-Element hover - Archive of obsolete content
thus, a:hover should always be used instead of just :hover, and a:link:hover (and a:visited:hover) are preferred to the simpler a:hover related links the dynamic pseudo-classes: :hover, :active, and :focus :hover pseudo-class (msdn) original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

RDF in Mozilla FAQ - Archive of obsolete content
xul that is loaded from an "untrusted" url can only specify an rdf/xml document from the same codebase (in the java sense of the word) that the xul document originated from.
... contributors examples section added 2002-07-02 by danbri thanks to myk melez for notes on remote xul / security policy author: chris waterson original document information author(s): chris waterson last updated date: december 22, 2004 copyright information: copyright (c) chris waterson ...

Styling Abbreviations and Acronyms - Archive of obsolete content
related links web content accessibility guidelines 1.0 original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

XQuery - Archive of obsolete content
xquseme is a working proof-of-concept (so far tested on windows and linux with java installed; mac does not work) extension which allows one to perform xqueries on external urls, the currently loaded webpage (even if originally from poorly formed html), and/or xml (including well-formed xhtml) documents stored locally.
... however, use of the approach of the java firefox extension might be used to turn the above extension concept into an xpcom component (giving it access to all open windows), and for berkeley db xml, possibly implementing it in c++ instead, which is that database's original language of development.

Archive of obsolete content
or whenever you make network requests yourself, you almost always need to enforce same-origin policy.
... using firebug and jquery (screencast) note: this screencast is originally from: http://ejohn.org/blog/hacking-digg-w...ug-and-jquery/ using io timeout and interrupt on nt this technical memo is a cautionary note on using netscape portable runtime's (nspr) io timeout and interrupt on windows nt 3.51 and 4.0.

Common causes of memory leaks in extensions - Extensions
consider the following example code that could be part of your browser.xul overlay: gbrowser.addeventlistener("domcontentloaded", function(evt) { var contentdoc = evt.originaltarget; var i = 0; // refresh the title once each second setinterval(function() { contentdoc.title = ++i; }, 1000); }, false); one would normally expect that the interval (or timer) would be destroyed as soon as the document unloads, in the same way that event listeners are automatically destroyed.
... however, while this is still true, the window.setinterval() in the example originates from the outer chrome window (browser.xul) and not from the content window.

Gecko FAQ - Gecko Redirect 1
the original mozilla browser, first released as navigator 1.0, was developed rapidly by a small team that was passionate about creating the next killer app, and they succeeded.
...nt model style system (handles css, etc.) javascript runtime (spidermonkey) image library networking library (necko) platform-specific graphics rendering and widget sets for win32, x, and mac user preferences library mozilla plug-in api (npapi) to support the navigator plug-in interface open java interface (oji), with sun java 1.2 jvm rdf back end font library security library (nss) original document information author(s): angus other contributors: ekrock, vidur, hidday, drunclear copyright information: portions of this content are © 1998–2006 by individual mozilla.org contributors; content available under a creative commons license ...

Plug-in Development Overview - Gecko Plugin API Reference
starting in gecko 10.0 (firefox 10.0 / thunderbird 10.0 / seamonkey 2.7), you can get the origin of the document in a secure, convenient way by calling npn_getvalue() to retrieve the value of the variable npnvdocumentorigin.
... the returned value is the unicode serialization of the document's origin converted to nfkc-encoded (that is, normalized) utf-8.

Asynchronous - MDN Web Docs Glossary: Definitions of Web-related terms
software design asynchronous software design expands upon the concept by building code that allows a program to ask that a task be performed alongside the original task (or tasks), without stopping to wait for the task to complete.
... when the secondary task is completed, the original task is notified using an agreed-upon mechanism so that it knows the work is done, and that the result, if any, is available.

Fetch metadata request header - MDN Web Docs Glossary: Definitions of Web-related terms
a fetch metadata request header is a http request header that provides additional information about the context the request originated from.
... fetch metadata request headers provide the server with additional information about where the request originated from, enabling it to ignore potentially malicious requests.

Lossless compression - MDN Web Docs Glossary: Definitions of Web-related terms
lossless compression is a class of data compression algorithms that allows the original data to be perfectly reconstructed from the compressed data.
...examples of lossless compression include gzip, brotli, webp, and png, lossy compression, on the other hand, uses inexact approximations by discarding some data from the original file, making it an irreversible compression method.

Preflight request - MDN Web Docs Glossary: Definitions of Web-related terms
it is an options request, using three http request headers: access-control-request-method, access-control-request-headers, and the origin header.
... for example, a client might be asking a server if it would allow a delete request, before sending a delete request, by using a preflight request: options /resource/foo access-control-request-method: delete access-control-request-headers: origin, x-requested-with origin: https://foo.bar.org if the server allows it, then it will respond to the preflight request with an access-control-allow-methods response header, which lists delete: http/1.1 204 no content connection: keep-alive access-control-allow-origin: https://foo.bar.org access-control-allow-methods: post, get, options, delete access-control-max-age: 86400 the preflight respons...

Site - MDN Web Docs Glossary: Definitions of Web-related terms
the site of a piece of web content is determined by the registrable domain of the host within the origin.
... the concept of a site is used in samesite cookies, as well as a web application's cross-origin resource policy.

WAI-ARIA basics - Learn web development
you can try taking a copy of our original files (see index.html and style.css), or navigating to our website-aria-roles example (see it live), which has a structure like this: <header> <h1>...</h1> <nav role="navigation"> <ul>...</ul> <form role="search"> <!-- search form --> </form> </nav> </header> <main> <article role="article">...</article> <aside role="complementary">...</aside> </main> <footer>...<...
... </article> </div> note: the most striking change here is that we've removed the links that were originally present in the example, and just used the list items as the tabs — this was done because it makes things less confusing for screenreader users (the links don't really take you anywhere; they just change the view), and it allows the setsize/position in set features to work better — when these were put on the links, the browser kept reporting "1 of 1" all the time, not "1 of 3", "2 of 3", e...

Pseudo-classes and pseudo-elements - Learn web development
pseudo-elements selector description ::after matches a stylable element appearing after the originating element's actual content.
... ::before matches a stylable element appearing before the originating element's actual content.

Positioning - Learn web development
try adding the following to your css, to make the first paragraph absolutely positioned too: p:nth-of-type(1) { position: absolute; background: lime; top: 10px; right: 30px; } at this point you'll see the first paragraph colored lime, moved out of the document flow, and positioned a bit above from where it originally was.
... it is also stacked below the original .positioned paragraph, where the two overlap.

CSS layout - Learn web development
floats originally for floating images inside blocks of text, the float property became one of the most commonly used tools for creating multiple column layouts on webpages.
... with the advent of flexbox and grid it has now returned to its original purpose, as this article explains.

Fundamental text and font styling - Learn web development
this takes up to four values, as shown in the example below: text-shadow: 4px 4px 5px red; the four properties are as follows: the horizontal offset of the shadow from the original text — this can take most available css length and size units, but you'll most commonly use px; positive values move the shadow right, and negative values left.
... the vertical offset of the shadow from the original text; behaves basically just like the horizontal offset, except that it moves the shadow up/down, not left/right.

How do I use GitHub Pages? - Learn web development
the command should look something like this: git remote add origin https://github.com/chrisdavidmills/my-repository.git next, type the following two commands, pressing enter after each one.
... git add --all git commit -m 'adding my files to my repository' finally, push the code up to github by going to the github web page you're on and entering into the terminal the second of the two commands we saw the …or push an existing repository from the command line section: git push -u origin master now you need to turn github pages on for your repository.

Advanced form styling - Learn web development
unfortunately, the behavior of this property's original implementations was very different across browsers, making it not very usable.
...let's start by unstyling the original check boxes: input[type="checkbox"] { -webkit-appearance: none; appearance: none; } we can use the :checked and :disabled pseudo-classes to change the appearance of our custom checkbox as its state changes: input[type="checkbox"] { position: relative; width: 1em; height: 1em; border: 1px solid gray; /* adjusts the position of the checkboxes on the text baseline */ vertical-a...

Sending forms through JavaScript - Learn web development
xhr.send( urlencodeddata ); } btn.addeventlistener( 'click', function() { senddata( {test:'ok'} ); } ) here's the live result: note: this use of xmlhttprequest is subject to the same-origin policy if you want to send data to a third party web site.
... for cross-origin requests, you'll need cors and http access control.

JavaScript basics - Learn web development
the code uses a conditional to check if the src value is equal to the path of the original image: if it is, the code changes the src value to the path of the second image, forcing the other image to be loaded inside the <img> element.
... if it isn't (meaning it must already have changed), the src value swaps back to the original image path, to the original state.

From object to iframe — other embedding technologies - Learn web development
one important note is that you should never add both allow-scripts and allow-same-origin to your sandbox attribute — in that case, the embedded content could bypass the same-origin policy that stops sites from executing scripts, and use javascript to turn off sandboxing altogether.
...typemustmatch can therefore confer significant security benefits when you're embedding content from a different origin (it can keep attackers from running arbitrary scripts through the plugin).

Cooperative asynchronous JavaScript: Timeouts and intervals - Learn web development
result.style.display = 'none'; spinnercontainer.style.display = 'none'; next, define a reset() function, which sets the app back to the original state required to start the game again after it has been played.
...you also use settimeout() to call reset() after 5 seconds — as explained earlier, this function resets the game back to its original state so that a new game can be started.

Fetching data from the server - Learn web development
originally page loading on the web was simple — you'd send a request for a website to a server, and as long as nothing went wrong, the assets that made the web page would be downloaded and displayed on your computer.
... the following block does the same thing as our original example, but is written in a different style: fetch(url).then(function(response) { return response.text() }).then(function(text) { poemdisplay.textcontent = text; }); many developers like this style better, as it is flatter and arguably easier to read for longer promise chains — each subsequent promise comes after the previous one, rather than being inside the previous one (which can ge...

Basic math in JavaScript — numbers and operators - Learn web development
now let's check that both our original variables are of the same datatype.
... operator precedence let's look at the last example from above, assuming that num2 holds the value 50 and num1 holds the value 10 (as originally stated above): num2 + num1 / 8 + 2; as a human being, you may read this as "50 plus 10 equals 60", then "8 plus 2 equals 10", and finally "60 divided by 10 equals 6".

What is JavaScript? - Learn web development
the program is executed from a binary format, which was generated from the original program source code.
...the web browser receives the javascript code in its original text form and runs the script from that.

Adding features to our bouncing balls demo - Learn web development
creating our new objects first of all, change your existing ball() constructor so that it becomes a shape() constructor and add a new ball() constructor: the shape() constructor should define the x, y, velx, and vely properties in the same way as the ball() constructor did originally, but not the color and size properties.
... it should also define a color and a size property, like the original ball() constructor did.

React interactivity: Events and state - Learn web development
ed(id) { const updatedtasks = tasks.map(task => { // if this task has the same id as the edited task if (id === task.id) { // use object spread to make a new object // whose `completed` prop has been inverted return {...task, completed: !task.completed} } return task; }); settasks(updatedtasks); } here, we define an updatedtasks constant that maps over the original tasks array.
...if it doesn’t match, we return the original object.

Command line crash course - Learn web development
the terminal originates from around the 1950s-60s and its original form really doesn’t resemble what we use today (for that we should be thankful).
...ould look something like this (curl will first output some download counters and suchlike): location: /docs/web/api/fetch location: /docs/web/api/globalfetch/globalfetch.fetch() location: /docs/web/api/globalfetch/fetch location: /docs/web/api/windoworworkerglobalscope/fetch although contrived, we could take this result a little further and transform the location: line contents, adding the base origin to the start of each one so that we get complete urls printed out.

Accessibility/LiveRegionDevGuide
these "non-live" events may be events originating from the chrome, user interaction in the chrome or document, document loading events, or real live region events from hidden tabs.
...it was originally intended to give web developers a means to force a live region message to go to a separate output device.

Application cache implementation overview
the results is passed to the original update via manifestcheckcompleted method.
... when the manifest has changed, the update is simply rescheduled, with limit of up to 3 retries (then it fails.) when load of the manifest has failed or redirected, the original update invokes onerror and 'finishes'.

Chrome registration
in order to allow for this, the chrome registration manifest allows for "override" instructions: override chrome://package/type/original-uri.whatever new-resolved-uri [flags] note: overrides are not recursive (so overriding chrome://foo/content/bar/ with file:///home/john/blah/ will not usually do what you want or expect it to do).
... also, the path inside overridden files is relative to the overridden path, not the original one (this can be annoying and/or useful in css files, for example).

Cookies Preferences in Mozilla
network.cookie.cookiebehavior default value: 0 0 = accept all cookies by default 1 = only accept from the originating site (block third party cookies) 2 = block all cookies by default 3 = use p3p settings (note: this is only applicable to older mozilla suite and seamonkey versions.) 4 = storage access policy: block cookies from trackers network.cookie.lifetimepolicy default value: 0 0 = accept cookies normally 1 = prompt for each cookie (prompting was removed in firefox 44) 2 = accept for current session only 3 = accept for n days network.cookie.lifetime.days default value...
...(the old prefs are network.cookie.lifetime.enabled, network.cookie.lifetime.behavior, and network.cookie.warnaboutcookies.) true = prefs have been migrated false = migrate prefs on next startup original document information author(s): mike connor last updated date: may 22, 2004 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Creating a Language Pack
creating a langpack we will now merge the localized files from x-testing locale with the en-us files from the original source.
... $ cd ../obj-firefox-build/browser/locales we will now merge the localized files from x-testing locale with the en-us files from the original source.

Debugging Frame Reflow
the overflow area is specified as (x,y) origin and width x height.
... original document information author(s): bernd mielke last updated date: december 4, 2004 copyright information: portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details.

Eclipse CDT
now simply drag that tab to position it beside, above, or below the original.
...one problem with the "parse once" strategy is that the compiler options for the original source file may ifdef out sections of the header, that would not be ifdef'ed out - and in fact are required by - source files in other parts of the tree.

Obsolete Build Caveats and Tips
each piece of information should mention the page and the section it originally came from.
... you can copy in the original text and bold out what has been removed.

Blocked: All third-party storage access requests
a request to access cookies or storage was blocked because it came from a third-party (a different origin) and content blocking is enabled.
... the permission can be changed or removed by: going to preferences > content blocking and either adding an exception with the manage exceptions… button choosing the custom content blocking and unchecking the cookies checkbox if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to the relevant element.

Using the Browser API
it was originally used in firefox os to implement browser applications before that project was cancelled; since firefox 47 it is available to desktop chrome code and used in places like the firefox devtools.
... <iframe src="http://hostname.tld" mozbrowser remote> warning: this last attribute is necessary for security reasons if you plan to load content from an untrusted/unknown origin.

Gecko Keypress Event
when the accel key is down, the charcode of a keypress event may be replaced with a character from a latin keyboard layout only when the original character is not an ascii character.
... note that replacing the original (non-ascii) characters on these keys means that there are some accessibility issues for non-latin keyboard layout users as many non-ascii characters will not be available for shortcuts.

Gecko's "Almost Standards" Mode
also on mdc images, tables, and mysterious gaps mozilla's doctype sniffing mozilla's quirks mode original document information author(s): eric a.
... note: this reprinted article was originally part of the devedge site.

Hacking with Bonsai
hacking mozilla with bonsai bonsai was originally created to solve the problem of tree instability.
... the original navigator code base had large sections that were shared across multiple platforms.

How to implement a custom autocomplete search component
searchstring = searchstring; this._searchresult = searchresult; this._defaultindex = defaultindex; this._errordescription = errordescription; this._results = results; this._comments = comments; } providerautocompleteresult.prototype = { _searchstring: "", _searchresult: 0, _defaultindex: 0, _errordescription: "", _results: [], _comments: [], /** * @return {string} the original search string */ get searchstring() { return this._searchstring; }, /** * @return {number} the result code of this result object, either: * result_ignored (invalid searchstring) * result_failure (failure) * result_nomatch (no matches found) * result_success (matches found) */ get searchresult() { return this._searchresult; }, /** * @...
...omments) { this._searchstring = searchstring; this._searchresult = searchresult; this._defaultindex = defaultindex; this._errordescription = errordescription; this._results = results; this._comments = comments; } simpleautocompleteresult.prototype = { _searchstring: "", _searchresult: 0, _defaultindex: 0, _errordescription: "", _results: [], _comments: [], /** * the original search string */ get searchstring() { return this._searchstring; }, /** * the result code of this result object, either: * result_ignored (invalid searchstring) * result_failure (failure) * result_nomatch (no matches found) * result_success (matches found) */ get searchresult() { return this._searchresult; }, /**...

CustomizableUI.jsm
if the widget cannot be removed from its original location, this will no-op.
...bleui_and_dom[cui-areatype="menu-panel"],'; css += ' toolbarpaletteitem[place="palette"] > #id_of_my_widget_within_customizableui_and_dom {'; css += ' list-style-image: url("chrome://branding/content/icon32.png");'; //a 32px x 32px icon for when in toolbar css += ' }'; css += '}'; var cssenc = encodeuricomponent(css); var newuriparam = { aurl: 'data:text/css,' + cssenc, aorigincharset: null, abaseuri: null } var cssuri = services.io.newuri(newuriparam.aurl, newuriparam.aorigincharset, newuriparam.abaseuri); //store this in a global var so you can call it when removing the widget sss.loadandregistersheet(cssuri, sss.author_sheet); /**************/ // when you want to remove this widget run this code: // sss.unregistersheet(cssuri, sss.author_sheet); //remove the sty...

Downloads.jsm
isprivate: optional indicates whether the download originated from a private window.
...you may pass an object with a subset of the following fields: isprivate: optional indicates whether the download originated from a private window.

OS.File for the main thread
promise<void> setposition( in number offset, in object origin ) arguments offset the new position, as a number of bytes from the origin.
... origin one of the following: os.file.pos_start (bytes are counted from the start of the file) os.file.pos_cur (bytes are counted from the current position in the file) os.file.pos_end (bytes are counted from the end of the file) promise can be rejected with os.file.error in case of any error, in particular if the new position is before the start of the file, or if the file is closed.

Promise.jsm
the method returns a new promise that, in turn, is fulfilled or rejected depending on the state of the original promise and on the behavior of the callbacks.
... for example, unhandled exceptions in the callbacks cause the new promise to be rejected, even if the original promise is fulfilled.

Sqlite.jsm
if the original connection is already read-only, the clone will be, regardless of this option.
... if the original connection is using the shared cache, this parameter will be ignored and the clone will be as privileged as the original connection.

Webapps.jsm
directs(asource) _savewidgetsfullpath: function(amanifest, adestapp) appkind: function(aapp, amanifest) updatepermissionsforapp: function(aid, aispreinstalled) updateofflinecacheforapp: function(aid) installpreinstalledapp: function installpreinstalledapp(aid) removeifhttpsduplicate: function(aid) installsystemapps: function() loadandupdateapps: function() updatedatastore: function(aid, aorigin, amanifesturl, amanifest) _registersystemmessagesforentrypoint: function(amanifest, aapp, aentrypoint) _registerinterappconnectionsforentrypoint: function(amanifest, aapp,) _registersystemmessages: function(amanifest, aapp) _registerinterappconnections: function(amanifest, aapp) _createactivitiestoregister: function(amanifest, aapp, aentrypoint, arunupdate) _registeractivitiesforapps: funct...
...alfileinstall, aoldapp,) _senddownloadprogressevent: function(anewapp, aprogress) _getpackage: function(arequestchannel, aid, aoldapp, anewapp) _computefilehash: function(afilepath) _sendappliedevent: function(aapp) _openandreadpackage: function(azipfile, aoldapp, anewapp, aislocalfileinstall,) _openpackage: function(azipfile, aapp, aislocalfileinstall) _opensignedpackage: function(ainstallorigin, amanifesturl, azipfile, acertdb) _readpackage: function(aoldapp, anewapp, aislocalfileinstall, aisupdate,) _checksignature: function(aapp, aissigned, aislocalfileinstall) _saveetag: function(aisupdate, aoldapp, arequestchannel, ahash, amanifest) _checkorigin: function(aissigned, aoldapp, amanifest, aisupdate) _getids: function(aissigned, azipreader, aconverter, anewapp, aoldapp,) _checkfor...

source-editor.jsm
note: this ignores the value you specified for backwards in the original search; it always searches forward.
... note: this ignores the value you specified for backwards in the original search; it always searches backward.

Mozilla Web Services Security Model
allow all services on a site to be accessed from any web page note that this is only a sensible thing to do if nothing on the site serves content based on cookies, http authentication, ip address / domain origin, or any other method of authentication.
...the root directory of the server: <webscriptaccess xmlns="http://www.mozilla.org/2002/soap/security"> <delegate/> <allow type="none"/> </webscriptaccess> and in the services directory: <webscriptaccess xmlns="http://www.mozilla.org/2002/soap/security"> <allow type="soapv"/> <allow type="soap"/> </webscriptaccess> good examples (needed.) references new security model for web services, the original proposal for the web-scripts-access.xml file format web services roadmap, documenting when web services features, including the security model, were first supported additional reading documentation of crossdomain.xml, a similar format used by macromedia flash player ...

AsyncTestUtils extended framework
age: (strictly incrementing from arbitrary origin) the default starts at jan 1, 2000 and adds an hour for every message.
...namely, if you use async_move_messages / async_trash_messages on the resulting set, the original sets won't know the messages moved and will get confused if you try and access headers via them again.

McCoy
this is in the form of the public part of a cryptographic key included in the original add-on you release.
...simply select the key you originally added to the add-on's install.rdf, then click the "sign" toolbar button, select your update.rdf file and the data in it will be signed.

PR_PushIOLayer
even if the id parameter indicates the topmost layer of the stack, the value of the file descriptor describing the original stack will not change.
...if the original container was allocated using a different mechanism than used by the runtime, the default calling of the layer's destructor by the runtime will fail pr_createiolayerstub is provided to allocate layer objects and template implementations).

An overview of NSS Internals
a high-level overview to the internals of network security services (nss) software developed by the mozilla.org projects traditionally used its own implementation of security protocols and cryptographic algorithms, originally called netscape security services, nowadays called network security services (nss).
...it was originally developed for telecommunication systems at times where it was critical to minimize data as much as possible (although it still makes sense to use that principle today for good performance).

PKCS11 Implement
implementing pkcs #11 for nss note: this document was originally for the netscape security library that came with netscape communicator 4.0.
...the slots are expected to remain static: that is, the module never has more slots or fewer slots than the number on the original list.