Prerender from address bar

Opera will now prerender pages that are typed into the address bar, before the user hits enter, which can make the page finish loading much sooner.

If you can predict what the user’s likely next navigation will be, you can start a prerender from the current page by using <link rel=prerender>. This has actually been supported since Opera 15, but this seemed like a good opportunity for a reminder. 🙂 For more information about how to use prerender and other resource hints, see Resource Hints – What is Preload, Prefetch, and Preconnect? by Brian Jackson.

Classic link selection

Opera now allows users to select link text instead of always dragging the link (like in Opera 12). The user can select by dragging left or right, and start a drag-and-drop by dragging up or down.

Not being able to select text to copy and paste is often frustrating for users. But in some cases it can be justified, like if a link is being used to act as a button, or if text is used only for decoration. To disable text selection in general, CSS user-select: none can be used.

Scroll anchoring intervention

When some content changes above the viewport (e.g., an image is loaded), what used to happen is that the rest of the content is pushed down. With the scroll anchoring intervention the scroll position is updated to keep the content currently in the viewport stable. This behavior can be disabled for a specific subtree or for the whole page by using CSS overflow-anchor: none. See this video for a comparison with and without this intervention.

CSS

• Opera now supports position: sticky, a new way to position elements. A position: sticky element is relatively-positioned, but becomes position: fixed after the user reaches a certain scroll position. This results in smoother scroll without jumps compared to trying to achieve the same thing with scroll events and JavaScript. For more info see this article by Paul Kinlan.
• The new generic font family system-ui is now supported, which matches the platform’s default UI font.
• touch-action: pinch-zoom is now supported.
• Non-whitespace Unicode control characters will now be rendered according to the specification, rather than being ignored.

HTTP Referrer-Policy header

The new Referrer-Policy HTTP header allows sites to forward site traffic by URL without leaking the user’s session identifier or other private information.

Events: keyboardEvent.isComposing

The KeyboardEvent interface now supports the isComposing attribute which returns true if this event is fired between compositionstart and compositionend events.

Canvas

ImageBitmapRenderingContext can be used to reduce memory consumption and compositing overhead by rendering pixel data in the form of an ImageBitmap.

Audio/video

• ConstantSourceNode is a new audio source node that produces a constant output mixed with an AudioParam.
• Two Web Audio ChannelSplitterNode interface attributes are now read-only: channelCount, which is defined by numberOfOutputs in createChannelSplitter(), and channelCountMode, which is set to explicit.
• PannerNode.rolloffFactor now clamps to the nominal range of a PannerNode’s distance model to describe the volume reduction rate as the source moves away from the listener.
• Support for FLAC is enabled within the FLAC and Ogg containers for the audio HTML element and decodeAudioData().
• OPUS can now be used with decodeAudioData(), expanding the variety of audio codecs supported by the Web Audio API.

Shadow DOM

• Shadow DOM’s slotchange events bubble, but no longer re-fires, at a slot’s assignedSlot.

Deprecated and removed features

• Non-script MIME types for external scripts (e.g., <script src="foo" type="something/something">) was deprecated (generated a message in the console) in Opera 42 and now in Opera 43 are no longer pre-fetched. This typically results in less wasted fetches. <script data-src="foo" type="something/something"> is recommended instead.
• The Web Audio API no longer includes the deprecated Doppler API, including speedOfSound, dopplerFactor, and setVelocity.
• RTCPeerConnection now accepts iceTransportPolicy as an RTCConfiguration parameter as well as iceTransports.
• RTCPeerConnection is now available without a webkit prefix, though webkitRTCPeerConnection still remains.
• The reflected-xss directive has been removed from Content Security Policy 2 since it was solely a wrapper for the X-XSS-Protection header and provided no additional functionality.
• Support for the MediaStreamTrack.getSources() method has been removed in favor of MediaDevices.enumerateDevices().
• The CSP referrer directive is no longer supported in favor of the new Referrer-Policy header mentioned above.
• Legacy CBC-mode ECDSA cipher suites ECDHE_ECDSA_WITH_AES_128_CBC_SHA and ECDHE_ECDSA_WITH_AES_256_CBC_SHA have been removed in favor of modern ciphers such as ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
• ECDSA with both SHA-1 and SHA-512 have been removed to reduce dependencies on SHA-1 and align with TLS 1.3’s new ECDSA handling.
• MIDIMessageEvent.receivedTime has been deprecated in favor of Event.timeStamp, since Event.timeStamp now supports high-resolution monotonic time instead of epoch time.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

Built-in currency converter

Opera is now the first of the major browsers to add a built-in currency converter.

The user select the price they want to convert on the page and Opera will automatically show it in their local currency. Opera 42 supports conversion in 32 currencies based on daily values from the European Central Bank.

Currency symbols are supported, but for ambiguous symbols (e.g. “$”, “kr”) we recommend using the ISO 4217 alphabetic code before or after the amount, as selectable text. This makes it unambiguous for Opera’s currency converter what to convert from, but it should also be helpful for end users and other tools in general.

<p>USD 50</p>
<p>995 SEK</p>

Input handling improvements

The PointerEvent standard is now supported. It gives developers a unified API for handling “pointer” user input, whether that is mouse, touch, pen, etc. PointerEvent also does not block scrolling, which should reduce jank during scrolling. When using TouchEvent, the same performance benefit can be achieved using passive event listeners. The touch-action CSS property is now also supported, to allow reacting to gestures such as panning. For more information, see Pointing the Way Forward by Sérgio Gomes.

The auxclick event is now fired for non-primary mouse buttons, instead of click.

JavaScript async and await

The async and await keywords are now supported, which allows writing Promise-based JavaScript with a neater syntax, and enables use of try/catch to catch rejected promises.

async function myFirstAsyncFunction() {
	try {
		const fulfilledValue = await promise;
	}
	catch (rejectedValue) {
		// …
	}
}

For more information, see Async functions - making promises friendly by Jake Archibald.

CSS automatic hyphenation

The hyphens CSS property is now supported (on Mac), which can be used to enable automatic hyphenation when text is broken across multiple lines. Possible values are none, manual (initial value) and auto.

For none, hyphenation will not happen even when ­ is used. For manual, hyphenation only happens for ­. For auto, automatic hyphenation happens, based on the language specified in the lang attribute.

html { hyphens: auto; }
code { hyphens: manual; }

See demo.

once event listener option

The once event listener option` is now supported, for a convenient way to only invoke an event listener once and then remove the listener.

element.addEventListener('click', function(event) {
	// ...one-time handling of the click event...
}, {once: true});

For more information, see Once Upon an Event Listener by Jeff Posnick.

Persistent storage

Persistent storage is now on by default.

TLS

• The TLS stack now implements GREASE, a mechanism to help prevent problems with buggy TLS servers.
• RSA-PSS signature algorithms have been added to TLS to prepare for TLS 1.3.

New constructors

new MediaStreamTrackEvent(type, options) and new AudioNode(context, options) constructors are now available.

document.write() intervention

Cross-origin and parser-blocking scripts injected using document.write() will no longer load over 2G connections. See this article by Paul Kinlan for more information.

Deprecated and removed features

• As mentioned above, the click event is no longer fired for non-primary mouse buttons. In most cases this is desirable; click event handlers are most often intended to handle primary clicks. But if you need to handle non-primary clicks (e.g., middle mouse button), the auxclick event can be used. The contextmenu event can also be used to handle clicks that would open a context menu (typically right-click).
• BaseAudioContext will replace AudioContext in the Web Audio API.
• CSS Clipping Path properties no longer require the webkit prefix.
• The MediaStream constructor is now available without prefix alongside the existing webkitMediaStream.
• Non-script MIME types for external scripts (e.g., <script src="foo" type="something/something">) is deprecated and will from M56 (Opera 43) no longer be pre-fetched. This typically results in less wasted fetches. <script data-src="foo" type="something/something"> is recommended instead.
• <textarea maxlength=""> and <textarea minlength=""> have been updated to count each line break as one character, instead of two.
• The webkit prefix has been removed from the imageSmoothingEnabled property of CanvasRenderingContext2D.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

Web Components: Custom Elements v1

Custom elements form the foundation of web components. The initial version of the API, also known as Custom Elements v0, has been supported since Opera 20 & Chrome 33. With the v0 API, a new custom element was defined using document.registerElement().

Since then, the spec has been updated based on web developer and browser vendor feedback. The improved API is called Custom Elements v1. The new hip & trendy way of defining a custom element is through customElements.define(). The v0 API is now deprecated and will be removed in a future release.

For more details, check out Eric Bidelman’s custom elements guide.

DOM convenience methods on ParentNode & ChildNode

We now support the following convenience methods on ParentNode and ChildNode for working with DOM trees:

• ParentNode.prototype.prepend()
• ParentNode.prototype.append()
• ChildNode.prototype.before()
• ChildNode.prototype.after()
• ChildNode.prototype.replaceWith()

CanvasRenderingContext2D.prototype.imageSmoothingQuality

CanvasRenderingContext2D.prototype.imageSmoothingQuality allows developers to balance performance and image quality by adjusting resolution when scaling.

const canvas = document.querySelector('canvas');
const context = canvas.getContext('2d');
const image = new Image();
image.src = 'image.png';
image.onload = function() {
	context.imageSmoothingEnabled = true;
	context.imageSmoothingQuality = 'high'; // or 'low', or 'medium'
	context.drawImage(image, 0, 0, 320, 180);
};

BroadcastChannel API

The BroadcastChannel API allows same-origin scripts to send messages to other browsing contexts. It can be thought of as a simple message bus that allows publish-subscribe semantics between windows, tabs, iframes, web workers, and service workers. Think of it as a simpler, same-origin version of the good ol’ postMessage() API.

For more information, check out this article.

Cache Storage API: CacheQueryOptions

The full set of CacheQueryOptions is now supported, making it easier to find the cached responses you’re looking for. Here’s the complete list of available options:

• ignoreSearch
• ignoreMethod
• ignoreVary
• cacheName

See Jeff Posnick’s excellent article for more information.

CSS text-size-adjust

The text-size-adjust property lets web developers control and disable the text autosizing feature which increases font sizes on mobile.

Unprefixed CSS user-select

You can now use user-select instead of -webkit-user-select in CSS. The user-select property makes it possible to specify which elements in the document can be selected by the user and how.

Navigations in unload handlers now blocked

Navigations initiated in an unload handler are now blocked. Instead, any prior navigation will continue. This matches the behavior in Firefox, and matches Edge’s behavior more closely than before.

Node.prototype.getRootNode

Sites can use Node.prototype.getRootNode(options) to obtain the root for a given node.

Experimenting with post-quantum crypto for TLS

CECPQ1 is a post-quantum cipher suite: one that is designed to provide confidentiality even against an attacker who possesses a large quantum computer. It is a key-agreement algorithm plugged into TLS that combines X25519 and NewHope, a ring-learning-with-errors primitive. Even if NewHope turns out to be breakable, the X25519 key-agreement will ensure that it provides at least the security of our existing connections.

Note that this is only an experiment. In fact, the plan is to discontinue this experiment within two years, hopefully by replacing it with something better. See “Experimenting with post-quantum cryptography” for more details.

Deprecated and removed features

URL.createObjectURL and URL.revokeObjectURL are now deprecated in service worker contexts.

The MediaStream API dropped MediaStream.prototype.ended a long time ago. Its usage has been deprecated since Opera 32 & Chromium 45. As of this release, the ended event is no longer supported.

Similarly, the File API spec once removed the FileError interface. It has been deprecated since 2013. Any usage of FileError triggered a warning in the DevTools console since Opera 40 & Chromium 53. As of this release, FileError is no longer supported.

Support for the non-standard TouchEvent.prototype.initTouchEvent has been removed, after being deprecated since Opera 36 & Chromium 49. Use the Touch and TouchEvent constructors instead.

To more closely match other browser’s behavior, window.external.IsSearchProviderInstalled and window.external.AddSearchProvider (originally intended to add search engines programmatically) are now both no-ops. This functionality was never implemented in Safari. In IE10, these methods are (mostly) no-ops: IsSearchProviderInstalled always returns 2, and AddSearchProvider always returns S_OK. Firefox still implements this, but notes that it may be removed at any time.

KeyboardEvent.prototype.keyIdentifier has been removed. Use KeyboardEvent.prototype.key (or its polyfill) instead.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

Improved <input pattern="…">

The u flag (which stands for Unicode) is now applied to any regular expressions compiled through the pattern attribute for <input> and <textarea> elements. This enables more Unicode-friendly features, and generally more sensible behavior.

<input pattern="[🍪🎂🍩]">
<!--
	The input only validates when it is either 🍪, 🎂, or 🍩.
	(Previously, those strings would fail validation.)
-->

A demo is available.

<iframe sandbox="allow-presentation">

The Presentation API defines the nw allow-presentation sandboxing flag for <iframe sandbox="…"> which gives web developers control over whether an iframe can start a presentation session. By default, the Presentation API is disabled in sandboxed <iframe>s.

Shadow DOM v1

All browser vendors finally agreed on the Shadow DOM spec, called v1. The new Shadow DOM APIs include:

• Element.attachShadow
• Event.prototype.composed
• Event.prototype.composedPath()
• HTMLSlotElement
• Slotable.prototype.assignedSlot

For more information, check out Hayato Ito’s overview of the differences between Shadow DOM v0 and v1.

MediaStreamTrack Constraints API

The following MediaStreamTrack methods are now supported:

• getCapabilities
• getConstraints
• getSettings
• applyConstraints

These APIs allow getting, setting, and querying constraints on a MediaStreamTrack.

Additionally, MediaTrackConstraints instances now have video and audio properties.

Promise-based getUserMedia

The navigator.mediaDevices.getUserMedia() API, which returns a promise, is now supported. Also, the unprefixed version of navigator.getUserMedia() (which uses callbacks) is now available. For more info, see Sam Dutton’s write-up.

Unprefixed CSS filter

The CSS filter property is now supported in its unprefixed form. For now, -webkit-filter is still supported as an alias for filter. A demo featuring SpongeBob SquarePants is available.

CSS -webkit-user-select: all

Chromium already supported -webkit-user-select, the prefixed version of user-select, but it didn’t recognize every value the spec defines. As of this update, the -webkit-user-select: all is supported. This property/value pair makes it so that if a selection would contain only part of an element, then the selection must contain the entire element including all its descendants.

For example, if you apply this on all <p> elements, and you then try to select a single word in a paragraph, the entire paragraph is selected automatically.

The CSS Tricks Almanac entry for user-select features a nice demo.

Force flattening when ancestor has opacity

3D-positioned descendants are now flattened by an ancestor that has opacity. Previously that didn’t happen if that ancestor also specified transform-style: preserve-3d. A visual demo explains this better than words ever could.

Rasterization & will-change: transform

Generally, all content is re-rastered when its transform scale changes, unless will-change: transform is applied to it. In other words, will-change: transform effectively means “please apply the transformation quickly, without taking the additional time for rasterization”. This only applies to scaling that happens via JavaScript manipulation, and does not apply to CSS animations. For more information, see the technical summary for this change. A demo is available.

Deprecated and removed features

Synthetic events (i.e. those who are created by JavaScript, and are thus untrusted) are now prevented from executing their default action. click is the only exception for backwards compatibility with legacy content. This change matches the spec and other browsers.

The HTML spec was changed so that <label> elements aren’t form-associated elements anymore. As a result, support for the form attribute on <label> elements was removed, and labelElement.form is now an alias for labelElement.control.form (instead of mapping to the form attribute value).

HTTP/0.9, the predecessor to HTTP/1.x, is now deprecated, and will be removed in a future release. Its replacement, HTTP/1.0, was standardized 20 years ago.

Support for DHE-based TLS ciphers has been removed, after being deprecated in Chromium 51 & Opera 38. Servers should upgrade to ECDHE ciphers instead.

A long time ago, the File API spec was changed to remove the FileError interface. It has been deprecated since 2013. As we’re preparing to remove this interface entirely in a future release, any usage of FileError now triggers a warning in the DevTools console.

The TextEncoder API no longer accepts an argument that specifies the encoding. Instead, it always uses UTF-8. If an argument is passed, it is ignored. This means that new TextEncoder('utf-16') and new TextEncoder('utf-16be') no longer work.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

ES2016 exponentiation operator

ES2016 introduces an arithmetic operator equivalent of Math.pow(base, exponent), in which the lefthand-side expression serves as the base value, and the righthand-side expression serves as the exponent.

4 ** 3;
// → 64

let value = 4;
value **= 3;
value;
// → 64

Fetch API: Response construction with ReadableStream

It’s now possible to construct your own ReadableStream instances and to use them as bodies for Response objects, including from within service workers. This functionality is part of the Fetch standard. See Jeff Posnick’s write-up for details, or Jake Archibald’s in-depth blog post on streams for even more info.

Fetch API: referrer policy

Requests made using the Fetch API can use a specific referrer policy, which affects the value of the Referer HTTP header that’s sent to remote servers. This can be done by adding a referrerPolicy property to the options object passed to fetch, which accepts the following values:

• 'no-referrer'
• 'no-referrer-when-downgrade'
• 'origin'
• 'origin-when-cross-origin'
• 'unsafe-url'

See Ehsan Akhgari’s write-up for a straight-forward explanation of these values.

fetch(url, { 'referrerPolicy': 'no-referrer' })
	.then(function(response) {
		// Do something with the `response`…
	});

A demo is available.

2D canvas filters

CanvasRenderingContext2D instances now support the filter property that applies effects to primitives drawn to the canvas. The filter value is parsed in the same way as CSS filters.

const canvas = document.querySelector('canvas');
const context = canvas.getContext('2d');
context.filter = 'saturate(6.3)';

createImageBitmap options

An ImageBitmapOptions object is an options object that can be passed to createImageBitmap().

createImageBitmap(image, options).then(function(response) {
	// Do something with the `response`…
});

The available options are:

• colorSpaceConversion indicates whether the image is decoded using color space conversion. Either 'none' or 'default' (default). The value 'default' indicates that implementation-specific behavior is used.
• imageOrientation indicates whether the image is presented as-is or flipped vertically. Either 'flipY' or 'none' (default).
• premultiplyAlpha indicates that the bitmap color channels are premultiplied by the alpha channel. One of 'none', 'premultiply', or 'default' (default).
• resizeWidth indicates the new width.
• resizeHeight indicates the new height.
• resizeQuality specifies an image scaling algorithm. One of 'pixelated', high', 'medium', or 'low' (default).

Invalid <track kind> values are no longer treated as subtitles

Invalid values for <track kind> were previously treated as 'subtitles'. This means that any new values would be treated as subtitles by old browsers. Chromium now uses 'metadata' instead as the “invalid value default”, to avoid browsers showing <track>s with unrecognized values.

HTMLMediaElement.prototype.srcObject

The srcObject property on HTMLMediaElement instances enables associating a MediaStream to a media element using a simple assignment. Previously, achieving this required first obtaining a URL associated to the MediaStream, and then associating this URL to the media element.

Currently, only MediaStream objects are accepted because it is the only type currently supported by other major browsers, but Chromium aims to support more types in the future. (Per the spec, a MediaProvider can be a MediaStream, a MediaSource, or a Blob.)

Web Audio updates

AudioParam instances now have readonly minValue and maxValue properties that specify the minimum and maximum values the AudioParam can have. The value is clamped to lie in this range

Automation methods for the position and orientation coordinates of PannerNode and the position{X,Y,Z}, up{X,Y,Z}, and forward{X,Y,Z} vectors of AudioListener are now available. This allows smooth changes in the coordinates using AudioParam methods.

Chromium now implements the reduction property on DynamicsCompressorNode instances as a readonly float, matching the spec. Previously, the value was represented as an AudioParam.

IDBKeyRange.prototype.includes()

The includes method on IDBKeyRange instances tests whether or not a key exists within the bounds of the range. Until all other browsers support this natively, a polyfill can be used.

WebRTC: Storing RTCCertificates in IndexedDB

RTCCertificates are self-signed certificates used in the DTLS handshake when setting up a connection with an RTCPeerConnection. Chromium now allows web applications to store RTCCertificates by implementing the structured clone algorithm. This means RTCCertificates can be saved and loaded from an IndexedDB database, saving the cost of generating new certificates for new sessions.

Performance Observer

The Performance Observer API is essentially a streaming interface that can be used to gather low-level timing information asynchronously, as it’s gathered by the browser. Marc Cohen’s write-up does a great job explaining it.

Pause event loop during modal dialogs

When using alert(), confirm() or onbeforeunload, Chromium’s old behavior was to block JavaScript while waiting for the result, but to allow all declarative animations to continue. As of this update, Chromium makes all main-thread tasks (such as <marquee> and CSS 2D animations) also pause during this interval.

Here’s a demo showing the impact of alert() on a CSS 2D animation.

CSS containment

The CSS contain property indicates that an element and its contents are, as much as possible, independent of the rest of the document tree. This allows the browser to recalculate layout (contain: layout), style (contain: style), paint (contain: paint), size (contain: size), or any combination of them for a limited area of the DOM and not the entire page. For more details, check out Paul Lewis’ explanation.

CSS font-variant-caps & font-variant-numeric

The CSS properties font-variant-caps and font-variant-numeric are now supported.

meter { -webkit-appearance: none; }

Previously, there was no way to completely disable the browser’s default rendering of <meter> elements and to restyle them using CSS. As of Chrome 52 / Opera 39, this finally became possible using -webkit-appearance: none.

New CSS Flexbox behavior for absolutely-positioned children

The static position of absolutely-positioned children used to be set as though they were a 0×0 flex item. The CSS Flexible Box Layout spec has since been updated to take such children fully out of flow and to set the static position based on align and justify properties. Check out the demo.

Alternative Services

Alternative Services allow an origin serving an http:// or https:// resource to nominate additional origins that the client can choose to request the resource from instead when making subsequent requests. This can be used, for example, as a protocol upgrade mechanism, for connection pooling, or for load balancing.

This is done through the Alt-Used HTTP header.

For example, if the resource at https://origin.example.com/foo returns the following response headers:

Alt-Used: https://alternate.example.net

…and https://origin.example.com/bar is requested afterwards, then the browser may fetch either https://origin.example.com/bar or https://alternate.example.net/bar.

CSP3 strict-dynamic

The 'strict-dynamic' source expression allows scripts loaded via nonce- or hash-based whitelists to load other scripts. Deploying CSP is now simpler than ever before. A demo is available.

Deprecated and removed features

X-Frame-Options is now ignored when present inside a <meta> tag, e.g. <meta http-equiv="X-Frame-Options" contents="DENY">, matching the spec. Use an HTTP header (X-Frame-Options: DENY) instead.

A non-standard and little-used variant of the postMessage() API is being deprecated, specifically postMessage(message, transferables, targetOrigin). Use postMessage(message, targetOrigin, transferables) instead.

The ended event & property and the onended event handler have been removed from the Media Capture and Streams spec and are now being deprecated in Chromium.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

Last week, I presented at Google’s Progressive Web App Dev Summit in Amsterdam. In my talk, I covered novel UX patterns in progressive web apps, emerging markets and Opera Mini compatibility, and introduced a couple of new ideas to solve some of the discoverability issues progressive web apps struggle with.

My talk there was followed by a browser panel, in which I participated as well. You can find a video of it below.

If you have any questions about progressive web apps, do check out our other articles or ask a question.

We’re excited to release a Labs build of Opera for Android with support for two experimental features that enhance the discoverability and use of progressive web apps.

Ambient badging

Earlier this month, Alex Russell wrote:

Wouldn’t it be great if there were a button in the URL bar that appeared whenever you landed on a PWA that you could always tap to save it to your homescreen?

We have been exploring this idea for a while, and are previewing an early version of this idea in this Labs build.

If you load a site that passes the criteria to qualify as a progressive web app, a small phone icon is shown to the left of the URL bar, labeling it as such. Note that this is different from the “add to home screen” install banner, which requires a user engagement check.

Give it a spin on one of the sites listed on pwa.rocks and let us know how it goes.

Pop into browser

A few weeks ago, there were some discussions around the lack of visibility of URLs in progressive web apps. What to do for instance if you want to find out the URL of a page inside a progressive web app?

Jeremy Keith tweeted:

I want people to be able to copy URLs. I want people to be able to hack URLs. I’m not ashamed of my URLs …I’m downright proud.

Also here, we’ve been doing some explorations: initially, we thought we could surface the URL by requiring the user to long-press anywhere in the web app and show it in a context menu. However, after further investigations, this turned out to be harder than expected — e.g. what to do with form fields, where context menus serve a different purpose? Then we had the idea to somehow connect it to the “pull-to-refresh” spinner, as a secondary gesture to the left or right. You can see in the video how this works. Quite useful, and it’s discoverable, without getting in the way.

These are just early proposals, and we may or may not include them in a final Opera for Android build. In the meanwhile, we’re happy to hear your feedback: give it a spin and let us know what you think.

ES6 Symbol.hasInstance

Constructors can now implement their own Symbol.hasInstance method, which is used by instanceof to determine whether a constructor object recognizes an object as its instance.

ES6 subclassing using Symbol.species

The Symbol.species accessor property allows subclasses to override the default constructor for objects.

For example, Array.prototype.map constructs instances of the subclass as its return value, with the option to customize this by changing Symbol.species.

class MyArray extends Array {
	static get [Symbol.species]() {
		// Return the parent `Array` constructor.
		return Array;
	}
}
const foo = new MyArray(1, 2, 3);
console.log(foo instanceof MyArray); // true
console.log(foo instanceof Array);   // true
const mapped = foo.map(x => x * x);
console.log(mapped instanceof MyArray); // false
console.log(mapped instanceof Array);   // true

ES6 RegExp subclassing

Previous versions of the JavaScript spec always used the original value of RegExp.prototype.exec in other methods such as String.prototype.replace — there was no way to override exec programmatically to change the core matching algorithm. In ES6 this is finally possible, which enables subclassing RegExp without having to duplicate any higher-level integration logic:

class MyRegExp extends RegExp {
	exec() {
		return ['Hello from MyRegExp!'];
	}
}

const re = new MyRegExp('foo');
'bar'.match(re);
// ['Hello from MyRegExp!']

ES6 Function.prototype.name

In ES6, the name property is sometimes set even on anonymous functions, based on the syntactic position of the function or class expression.

const foo = function() {};
const bar = () => {};
console.log(foo.name); // 'foo'
console.log(bar.name); // 'bar'

ES6 iterator closing

Iterators are now checked for a close method which is called if the loop terminates early. This can be used for clean-up duty after the iteration has finished.

ES6 Array.prototype.values

The values method for arrays returns an iterator over the contents of the array. This is similar to Map.prototype.values for maps or Set.prototype.values for sets.

Iterable array-like DOM interfaces

Any DOM interfaces containing indexed property getters and length properties now have a Symbol.iterator that makes them iterable. This means that things like NodeList, HTMLAllCollection, FileList, or MediaList can now be looped over by using forEach or for-of.

for (const element of document.querySelectorAll('p')) {
	element.textContent += ' Hurray!';
}

Passive event listeners

Passive event listeners are a new feature in the DOM spec that enable developers to opt-in to better scroll performance by eliminating the need for scrolling to block on touch and wheel event listeners. Developers can annotate touch and wheel listeners with { passive: true } to indicate that they don’t invoke preventDefault to get a massive scroll performance boost.

For more information, read the explainer document or check out the demo.

KeyboardEvent.prototype.key

The key property on KeyboardEvent instances is now implemented. It returns the string value of the key (or keys) pressed by the user to generate the event. Check out the demo for key specifically or play around with the keyboard event viewer.

Intersection Observer API

The brand-new Intersection Observer API makes it easy to efficiently track when a given element in the DOM enters the visible viewport or leaves it. For more information, check out Surma’s write-up or the explainer document, or view a demo.

Presentation API

The Presentation API enables accessing external presentation-type displays and using them for presenting web content. A demo is available.

Service workers: ExtendableMessageEvent

ServiceWorker.prototype.postMessage() now results in an ExtendableMessageEvent fired on ServiceWorkerGlobalScope as a 'message' event. Before this change, postMessage() resulted in a MessageEvent fired on the global scope.

Calling the waitUntil(promise) method of an ExtendableMessageEvent instance extends its lifetime until promise is settled.

To experiment with this, view the service worker postMessage() demo.

Web Audio API: OfflineAudioContext.prototype.length

OfflineAudioContext instances now have a length that indicates the number of frames that the offline context will render.

WebRTC: promise-based RTCPeerConnection methods

The following RTCPeerConnection methods are now promise-based, matching the updated spec:

• addIceCandidate
• createAnswer
• createOffer
• setLocalDescription
• setRemoteDescription

CSS border-image now follows the spec

Chrome and Opera now require a border style in order to paint border-images, matching the spec. If you’re affected by this change, add e.g. border-style: solid where border-image is used.

Percentage sizes of flex item children

According to the spec, certain flex items have definite sizes. If a child element of such a flex item uses percentage-based sizes, these are now handled correctly. A visual demo is available.

SameSite cookie attribute

The cookie attribute formerly known as “First-Party-Only” or “First-Party” allows servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same domain.

AES_256_GCM for TLS

To simplify server configuration and negotiate modern ciphers with more existing servers, Chrome and Opera now offer the AES_256_GCM cipher suite for TLS connections. See the intent to implement for details.

Deprecated and removed features

For security reasons, custom messages in onbeforeunload dialogs are no longer used.

DHE-based TLS ciphers are now deprecated and support for them will be removed at some point in the future. A warning message is logged to the DevTools console whenever such a cipher is used. Servers should upgrade to ECDHE ciphers instead.

Chromium 51 / Opera 38 no longer negotiates SPDY over HTTPS connections. Sites using it return to negotiating HTTP/1.1, unless they upgrade to HTTP/2. Use HTTP/2 instead.

A related feature removal is that of NPN, which was the TLS extension used to negotiate SPDY. During the standardization process, NPN was replaced with ALPN.

The non-standard results attribute for <input type=search> is now deprecated. In Chrome and Opera, it’s a purely cosmetic feature that adds a magnifier icon to the input field. In desktop Safari, it controls how many submitted queries are shown in a popup opened by clicking the magnifier icon.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

ES6: RegExp Unicode flag

ES6 specifies the u flag which enables more Unicode-friendly features and behavior in regular expressions. For example, it allows using astral symbols in character class ranges:

// Match any symbol from U+1F4A9 PILE OF POO to U+1F4AB DIZZY SYMBOL.
const regex = /[💩-💫]/u; // Or, `/[\u{1F4A9}-\u{1F4AB}]/u`.
console.log(
	regex.test('💨'), // false
	regex.test('💩'), // true
	regex.test('💪'), // true
	regex.test('💫'), // true
	regex.test('💬')  // false
);

For more information on the effects of the u flag, see “Unicode-aware regular expressions in ECMAScript 6”.

ES6: more well-known symbols

Five more ECMAScript well-known symbols have been implemented:

• Function.prototype[Symbol.hasInstance], used in the instanceof operator.
• RegExp.prototype[Symbol.match], used to brand an object as RegExp-like, and used in String.prototype.match;
• RegExp.prototype[Symbol.replace], used in String.prototype.replace;
• RegExp.prototype[Symbol.search], used in String.prototype.search;
• RegExp.prototype[Symbol.split], used in String.prototype.split.

These last four symbols act as hooks for RegExp subclasses to change the semantics of matching. By overriding MyRegExpSubclass.prototype[Symbol.match] etc. developers can change how the subclass behaves with respect to String.prototype.match and similar methods.

Bold emoji on OS X

Previously, emoji with font-weight: bold applied to them failed to render in Chromium on OS X. This is now fixed. 🙌🎉

<link rel="preload" as="…">

The preload link relation makes it possible to define custom loading logic without suffering the performance penalty that script-based resource loaders incur. It can be combined with the as attribute to signal to the browser what kind of resource is being preloaded. This enables various optimizations that <link rel="prefetch"> or preload’s predecessor <link rel="subresource"> don’t offer. See Yoav Weiss’ excellent article for more information.

CSS column-fill

When using multi-column layouts, the CSS column-fill property indicates whether columns should be balanced or not. If they are balanced, each column gets similar amounts of content inside. If they are not balanced, each column is filled to the height of the multicol container, until all the content is displayed. The spec contains some examples with visualizations.

Canvas updates

<canvas> element instances now support the toBlob() method alongside the toDataURL() method. toBlob() is typically more efficient than toDataURL, as it enables you to work with the encoded binary data directly rather than with a Base64-encoded string.

The global createImageBitmap() method decodes an image in the background and returns an ImageBitmap which you can draw onto a <canvas> in the same way you would an <img> element, another canvas, or a video. See Paul Lewis’ write-up for more details.

DOMTokenList validation

It’s now possible to programmatically detect support of values for HTML attributes that are backed by DOMTokenList instances in JavaScript. Currently, those HTML attributes are the following:

• <link rel> relations
• <iframe sandbox> directives

To test a value, just use .supports(value) on the DOMTokenList instance. For more information, check out the Google Developers blog post.

FormData updates

The FormData interface provides a way to easily construct a set of key/value pairs representing form fields and their values, which can then be easily sent using XMLHttpRequest or fetch. Previously, FormData objects had a single append() method, and were thus write-only. The spec has now added has(), get(), getAll(), delete(), set(), entries(), keys(), values(), forEach() and Symbol.iterator() methods to allow inspection, iteration, and modification. Check out the demo.

HTMLMediaElement.prototype.play() returns a promise

The play method on <video> or <audio> element instances now returns a promise. If playback succeeds, the promise is fulfilled, and if playback fails, the promise is rejected along with an error message explaining the failure. For more details, check out Jeff Posnick’s blog post or view the demo.

Presentation API updates

Support for the statechange event on PresentationConnection instances has been removed since it’s no longer part of the spec. On the other hand, the message, connect, close, and terminate event are now implemented.

Web Animations API updates

This release introduces the following Web Animations API changes to improve interoperability with other browsers and to improve spec compliance:

• Animation.prototype.id
• cancel events
• Deprecation of dashed names as keys in keyframes (to be removed in the next release)
• State change for the pause() method

For details, see Alex Danilo’s write-up about these features.

Web Audio API updates

Automations for the BiquadFilter node now run at a-rate (updated every frame) instead of at k-rate (updated every rendering quantum of 128 frames). This change matches the spec.

Push Notifications on Opera for Android

Opera for Android now supports push notifications.

Sequential focus navigation starting point

The sequential focus navigation starting point is how the HTML spec defines where browsers should start to search for focusable areas when pressing Tab or Shift+Tab while there is no focused area. This is now implemented according to the spec.

X25519 for TLS

Chromium 50 brings support for X25519, the Diffie-Hellman primitive over Curve25519, to TLS. When compared to P-256, the most commonly used curve in TLS today, it admits simpler, faster implementations that are more naturally resistant to side-channels. Servers may negotiate X25519 for ECDH instead of existing curves.

Deprecated or removed features

The Geolocation API no longer works on insecure origins. Use HTTPS instead.

The use of the application cache API on insecure origins has been deprecated and will be removed in a future release. Use HTTPS and service workers instead.

Support for the insecure TLS fallback mechanism has been removed. This does not remove support for older versions of TLS — it just prevents attackers from downgrading the connection to use outdated, insecure ciphers. If your server is affected by this change, it does not implement TLS correctly. Consider upgrading to TLS 1.2 — all ciphers in prior versions have known problems.

The SVG zoom event was never fully implemented in Chromium, causing false positives in feature detection scripts. It has now been deprecated and its removal is planned for Chromium 52 / Opera 39.

Support for the non-standard -webkit-background-composite CSS property has been removed.

The WebRTC RTCPeerConnection instance methods createOffer() and createAnswer() now require an error handler as well as a success handler. Previously it was possible to call these methods with only a success handler. This non-standard behavior has been deprecated.

Support for <link rel="subresource"> has been removed. It never worked as intended, and no other browser engines implemented it. Use the preconnect, prefetch, preload, or prerender link relations instead, or use a service worker in combination with the Cache API for more fine-grained control.

The non-standard KeyboardEvent.prototype.keyLocation alias has been removed. To disambiguate between keys that are on multiple places on a keyboard, like numbers and Enter, use KeyboardEvent.prototype.location instead.

Support for document.defaultCharset has been removed.

Object.observe() has been removed from the ECMAScript spec and is now no longer supported in Chromium. Use the Proxy API to observe objects instead.

The SVGElement instance properties offsetParent, offsetTop, offsetLeft, offsetWidth, and offsetHeight has been removed. They are now only supported on HTMLElements, matching the spec. If you need similar functionality for SVG elements, use getBoundingClientRect() instead.

The XMLHttpRequestProgressEvent interface has been removed, together with the position and totalSize properties. Use the ProgressEvent interface with the loaded and total properties instead.

The Google Developers blog has more details on some of these feature removals/deprecations.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

That is why we chose our extension packaging format as .nex which stands for ‘navigator extensions’, signifying our take on a vendor-neutral format for extensions. Back it 2013, we wrote the following:

…NEX — a vendor-neutral packaging format for browser add-ons that we have initially implemented on top of the Chromium .crx format in Opera. We intend to further develop this as an open add-ons format through international standards bodies. Initially we intend to consolidate the differences between add-on execution environments themselves considering their current similarities. As a secondary objective we then aim to kick-start meaningful discussion around shared system and device-level APIs with a view to making browser add-ons first-class citizens of the web core.

Years later, it seems a lot of other browser makers are also on board with getting some common extension APIs which work cross-browser. In order to do this, Opera, Microsoft, and Mozilla have begun work in the Extensions Community Group where we will try to agree upon a set of common APIs, as well as a common manifest and packaging format for browser extensions. The goal is to enable extension developers to write one extension and have it work cross-browser.

This does not mean that browsers will not have their own proprietary APIs — they will, for some features. However, if we can work out a common manifest and packaging format, along with a core set of APIs to have in common, then this will go a long way in having interoperability of extensions across browsers. This could also open the door to a type of ‘progressive enhancement’ model for developing extensions (where instead of making a separate extension for each browser, we could make one extension and feature detect for various APIs), much like we have for web sites.

We appeal to the community to participate in the discussion in the group, and to give their feedback and ideas. We hope other browser makers will join us, so that together we can make extension development for multiple browsers much smoother than it is right now.

View the slides here:

Check out the video below.

The Q&A session after the talk was recorded as well.

The presentation walks through what timing attacks are, explains how they can occur on the web through client-side code, and demonstrates how modern performance-related web APIs can sometimes have a negative security impact. To get the point across, I showcased some brilliant research by Yan Zhu and Tom Van Goethem. My favorite demo was one of Tom’s, where a client-side timing attack (using nothing but JavaScript) is used to figure out the exact age of the current visitor. (This demo starts around 16:03 in the first video.)

To me, this stuff is extremely interesting on a technical level. It’s also a little scary, however, to realize that malicious actors can use these techniques to invade your privacy while you’re browsing the web, without you ever knowing. Embedded third-party advertisements could be running timing attacks in the background, leaking pieces of private info (such as age, gender, location), which in turn enables them to serve you more targeted advertisements, fingerprint and track you across the web, or even de-anonymize you completely.

The sad news is that, as a web developer, there’s no obvious way to prevent this type of attack. Using Same-Site cookies helps, but its strict mode seems a bit too aggressive for mainstream usage, and its lax mode might still not fully protect against timing attacks.

End users should consider blocking third-party cookies, or using a content blocker (not just an ad blocker) in their browser.

Since we first shipped support for web manifest and “add to home screen” in Opera 32 for Android last year, we’ve seen an increasing amount of interest in progressive web apps.

Here at Opera, we’re excited about progressive web apps’ potential to bring the web on par with native apps’ capabilities, and this while avoiding the whole app store submission process — indeed, web apps can be discovered in a low friction way on the web, and changes can be pushed instantly to all users, while preserving their privacy with a conservative ask-when-needed permissions model. Additionally, from our initial observations, it seems like web apps are especially suited for devices with limited storage space, which is great news. If you haven’t seen it yet, I recommend reading Flipkart’s interesting report about the boost in conversions and re-engagements they experienced after launching their Flipkart Lite web app back in November 2015.

However, one hurdle with our implementation thus far has been that, in order for progressive web apps to appear like native apps on the home screen, users have to tap the + sign, and pick “Add to home screen” by themselves, and that can be quite a roadblock.

That’s why in Opera 36, we’ve started showing a “progressive web app install banner” for sites that meet a set of criteria, qualifying them as a progressive web app. These criteria are as follows. The site must:

• Be served over HTTPS
• Have a manifest with a short_name and name, start_url, and a PNG icon of at least 144×144 pixels
• Have a service worker (making sure that the start_url functions offline)

In addition, we also have a user engagement condition, so as to not show the install banner too aggressively. The condition there is that: the user has visited your site at least twice, with 5 minutes or more between visits. Careful readers will notice these conditions are the same as in Chrome, but we may change this in the future.

If you want to try this out without waiting between visits, simply go to opera:flags, enable “Bypass user engagement checks” and restart the browser. If you then visit a site like WAVE-PD1, you’ll get prompted right away to add the web app in question to your home screen.

It’s also worth noting that in some cases, you may want to cancel the install banner from being shown. You can do this by intercepting the onbeforeinstallprompt event and preventing default on the event. You can see this in action on Flipkart Lite. When you load their site (with “Bypass user engagement checks” enabled), you’ll feel a vibration and a small icon animation in the top right corner, suggesting to “Install this webapp to your phone”. If the user taps this icon, Opera’s own install banner is shown, which the user is likely to accept; if she does not tap the icon, Flipkart can remind her one of the next times, whenever it seems convenient to do so. This is of course somewhat more complex to implement, but it offers more possibilities to re-engage the user at the right point in time, later on.

That’s it! Try it out with the apps listed on our Progressive Web Apps list, and let us know how it goes!

If you don’t like my voice, just see the slides.

More resources

• Non-technical guide to HTML Manifest that I wrote for .net magazine
• Manifest generator
• New Progressive Web App helps Flipkart boost conversions 70% and other business benefits of PWAs.
• Installable Web Apps and Add to Home screen: a longer tutorial on how to make a Progressive Web App.
• Progressive Web App install banners come to Opera for Android
• List of good Progressive Web Apps

ES6 default function parameter values

ES6 allows formal parameters to be initialized with default values if no value (or undefined) is passed.

function fn(x, y = 0) {
	return [x, y];
}

In this example, omitting the second parameter triggers the default value:

console.log(fn(1));
// → [1, 0]
console.log(fn());
// → [undefined, 0]

For more information, see “Parameter handling in ES6” or check out the demo.

ES6 destructuring assignment

Destructuring assignment makes it possible to extract data from arrays or objects using a syntax that mirrors the construction of array and object literals.

let a, b, rest;
[a, b] = [1, 2];
// → a = 1; b = 2
[a, b, ...rest] = [1, 2, 3, 4, 5];
// → a = 1; b = 2; rest = [3, 4, 5]
{a, b} = { a: 1, b: 2 };
// → a = 1; b = 2

Check out the demo for more examples.

ES6 Proxy and Reflect

Proxy objects can be used to define custom behavior for fundamental operations such as property lookup, assignment, enumeration, function invocation, etc.

The Reflect API offers imperative methods for invoking, examining or modifying values at runtime, and is very useful for working with Proxies.

Read “ES2015 proxies” for more information on both Proxy and Reflect.

ES6 block-scoped bindings in sloppy mode

const, let, class, and function now follow the proper ES6 semantics even in sloppy (i.e. non-strict) mode.

Symbol.toStringTag

Using Symbol.toStringTag, user-defined types can return customized output when passed to Object.prototype.toString (either directly or as a result of string coercion) by storing a descriptive string in a Symbol.toStringTag-keyed property.

const object = {};
object[Symbol.toStringTag] = 'yoloswag';
String(object);
// → '[object yoloswag]'

Promise rejection events

Two new global events, unhandledrejection and rejectionhandled, can be used to keep track of Promise rejections, including whether those rejections are handled after the fact.

See the demo for more information.

CSS Custom Properties (CSS Variables)

The CSS Variables spec defines a new primitive value type that is accepted by all CSS properties, as well as custom properties for defining them. As with other CSS values, they can be updated programmatically using JavaScript. See “CSS Variables: why should you care?” for more info. A demo is available.

Case-insensitive attribute value selectors

In HTML, the attribute values of certain attributes are compared ASCII-case-insensitively.

Consider the following CSS:

/* Every paragraph whose ID starts with `note` (case-sensitively) gets a lime background. */
p[id^="note"] {
	background-color: lime;
}
/* Every paragraph whose `lang` is `no` (ASCII-case-insensitively, in HTML) get underlined */
p[lang="no"] {
	text-decoration: underline;
}

And the following markup:

<p id="note-1" lang="no">1</p>
<p id="nOtE-2" lang="No">2</p>
<p id="NOTE-3" lang="NO">3</p>

In HTML and XML/XHTML, only the first paragraph gets a green background. In HTML, all paragraphs are underlined, but in XML/XHTML only the first is underlined.

Luckily, the i identifier can now be used in CSS selectors to opt-in to case-insensitive matching for attribute values, regardless of document language rules. With the i flag, all three paragraphs are highlighted and underlined in HTML and XML/XHTML environments:

/* Every paragraph whose ID starts with `note` (ASCII-case-insensitively) gets a lime background. */
p[id^="note" i] {
	background-color: lime;
}
/* Every paragraph whose `lang` is `no` (ASCII-case-insensitively) get underlined */
p[lang="no" i] {
	text-decoration: underline;
}

Note that the i flag only affects the case of matching the attribute value; not the attribute name or anything else.

Web Audio API updates

The Web Audio API defines IIRFilterNode, which is an AudioNode processor implementing a general IIR filter. Once created, the coefficients of the IIR filter cannot be changed, and no automation functions are allowed.

Additionally, Chromium now supports suspend() and resume() methods on OfflineAudioContext instances.

AudioContext.prototype.decodeAudioData now returns a Promise<AudioBuffer> that is resolved when decoding the audio data is finished. This is in addition to the existing callbacks, which are now optional.

Service worker: WindowClient.prototype.navigate()

It is now possible to trigger navigation from a service worker using the navigate() method on a WindowClient instance. Check out the demo.

Audio Output Devices API

The Audio Output Devices API specification defines a set of JavaScript APIs that let a web app manage how audio is rendered on the user’s audio output devices. With this feature it’s now possible for web apps to send audio to authorized output devices other than the system default. A demo is available.

Fetch API updates

The 'navigate' request mode as defined in the Fetch API specification is now supported. Check out the “custom offline page” service worker demo where this is being used.

Additionally, FetchEvent.prototype.clientId is now implemented. This read-only property returns the ID of the Client that the current service worker is controlling. The Clients.get() method can then be passed this ID to retrieve the associated client.

HTMLMediaElement.prototype.disableRemotePlayback

The Remote Playback API specification defines a disableRemotePlayback setter on HTMLMediaElement instances, which can be used to signal to the browser that this media element should not be played remotely. Enabling disableRemotePlayback by setting it to true causes the browser to not show any UI advertising remote playback, and prevents the element from being played remotely.

High-resolution event time stamps

Event.prototype.timeStamp indicates the time at which a given event took place. Previously, this timeStamp value was represented as a DOMTimeStamp, which was a whole number of milliseconds since the system epoch.

Starting with Chromium 49, timeStamp is a DOMHighResTimeStamp value. This value is still a number of milliseconds, but with a resolution of 5 microseconds, meaning the value now includes a decimal component. Additionally, instead of the value being relative to the epoch, the value is relative to performance.timing.navigationStart, i.e. the time at which the user navigated to the page. (We’re working on getting this into the spec.)

To convert a DOMHighResTimeStamp value to an absolute number of milliseconds since the epoch (e.g., to get a value to pass to the Date() constructor), use performance.timing.navigationStart + event.timeStamp.

A demo is available.

URLSearchParams

The URLSearchParams API defines helper methods for working with the query string of a URL (i.e. everything after ?). A demo is available.

<a rel=noopener>

You may be familiar with <a rel=noreferrer>, which prevents sending the Referer HTTP header and sets window.opener to null when following a link.

If you only want to disable window.opener but still send the Referer header, you can now use rel=noopener. Note that this is only needed for links that open a new navigation context, i.e. target="_blank".

Why would you want to do this? Well, if window.opener is set, a page can trigger a navigation in the opener regardless of origin, which is a potential security risk. Check out the demo for a more elaborate explanation.

Cookie Prefixes

Cookie Prefixes are a way of “smuggling” information in the name prefix of a cookie to ensure that certain attributes accompany the request to set a cookie. Chromium now supports the following cookie prefixes:

• __Secure-, which signals to the browser that the Secure attribute is required.
• __Host-, which signals to the browser that both the Path=/ and Secure attributes are required, and at the same time, that the Domain attribute must not be present.

Check out the demo for more information..

Improved handling of insecure source expressions in CSP

Sniffly is a timing attack to sniff browser history. One of its variants was based on a clever trick combining CSP and HSTS. In response, the CSP matching algorithm was updated to make insecure schemes in source expressions match their secure variants. That is, http: is now equivalent to http: https:, and http://example.com to http://example.com https://example.com. Likewise, 'self' now matches https and wss variants of the page’s origin, even on pages whose scheme is http.

Faster and more secure HTTPS connections

The standardized versions of the ChaCha20 stream cipher and Poly1305 authenticator are now used for TLS connections in Chromium. Compared to AES-GCM, this new TLS cipher suite is more secure, saves network bandwidth, and operates three times faster on devices that lack AES hardware acceleration such as most Android devices.

Geolocation now HTTPS-only

The Secure Contexts specification lists the Geolocation API as an example of an API that should only be available over secure contexts such as HTTPS. As of Chromium 49, the Geolocation API won’t work over insecure contexts anymore. If you need to use Geolocation, use HTTPS.

Smooth scrolling

As of Chromium 49, scrolling is getting smoother on Windows and Linux. But that’s not all: there are more potential improvements that may land soon, through Houdini and CSS properties like scroll-behavior: smooth. (On OS X, nothing has changed yet; smooth scrolling was already enabled, but only for keyboard-triggered scrolls.)

If you were using a JS library to implement smooth scrolling, now is a good time to stop using them. Scrolling in JavaScript has worse performance than native smooth scrolling, and old versions of SmoothScroll.js will stop scrolling entirely in the future when the scrollTop bug is fixed.

Deprecated or removed features

Support for the Pointer Lock API’s prefixed event properties MouseEvent.prototype.webkitMovementX and MouseEvent.prototype.webkitMovementY has been removed. Use the standardized versions, i.e. MouseEvent.prototype.movementX and MouseEvent.prototype.movementY, instead.

Support for the <keygen> HTML element has been removed. See the intent to deprecate mail for some background on this decision.

The non-standard TouchEvent.prototype.initTouchEvent is now deprecated. Use the Touch and TouchEvent constructors instead.

The non-standard navigator.getStorageUpdates() has been removed. It used to be a no-op anyway.

The presence of getComputedStyle(element).css* (except for .cssFloat) is non-standard behavior, so support for it has been removed. Use getComputedStyle(element).* instead.

Previously, Chromium treated the first two arguments (type and listener) of addEventListener and removeEventListener as optional, while they are non-optional in the spec and in other browsers. This has changed: calling these methods with zero or one argument now throws an exception.

document.defaultCharset has been deprecated and will be removed in a future release.

Object.observe has been deprecated as it is no longer on the standardization track and will be removed in a future release.

The WebRTC RTCPeerConnection methods createOffer() and createAnswer() now require an error handler as well as a success handler, matching the spec. Previously it was possible to call these methods with only a success handler. That usage is deprecated. This change paves the way for introducing promises on these methods, as required by the WebRTC spec.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

ES6: more well-known symbols

Two more well-known symbols have been implemented:

• Symbol.isConcatSpreadable points to a boolean value that indicates if an object should be flattened to its array elements by Array.prototype.concat (true) or not (false).
• Symbol.toPrimitive points to a method that converts an object to a corresponding primitive value.

CSS: improved auto

The implied minimum size of a flex item (i.e. min-width: auto or min-height: auto) is now also computed correctly when flex-basis is not auto.

CSS Writing Modes updates

The CSS properties text-combine-upright, text-orientation, and writing-mode are now available without the -webkit- prefix, and with new syntax matching the spec.

The isolate, isolate-override, and plaintext values for the unicode-bidi CSS property can now be used without the -webkit- prefix. Support for the non-standard horizontal-bt value (as in -webkit-writing-mode: horizontal-bt) has been removed.

Unprefixed CSS font-feature-settings

The CSS font-feature-settings property now works without the -webkit- prefix. This property provides low-level control over OpenType font features.

The -webkit--prefixed version is now deprecated and will be removed in a future release.

CSS Font Loading API improvements

Our implementation of the FontFaceSet interface (e.g. document.fonts) is now set-like, matching the spec. This means it has entries(), keys(), and values() iterators, and is itself an iterator (over the individual FontFace entries).

Also, the add() and remove() methods don’t throw InvalidModificationError anymore when adding or deleting a CSS-connected font-face to the same FontFaceSet. Here’s an example of that:

<style>
	@font-face {
		font-family: Test;
		src: local('Helvetica');
	}
</style>
<script>
	var face;
	document.fonts.forEach(function(f) { face = f; });
	document.fonts.add(face);    // no-op
	document.fonts.remove(face); // no-op, returns `false`
</script>

Previously, the above add() and remove() both threw InvalidModificationError exceptions.

A demo is available.

Fetch API: data: and blob: URL scheme support

Our Fetch API implementation now supports the data: and blob: URL schemes.

IndexedDB API additions

The IndexedDB getAll() and getAllKeys() methods are now supported on the IDBObjectStore and IDBIndex interfaces. Additionally, IDBObjectStore.prototype.openKeyCursor() and IDBTransaction.prototype.objectStoreNames have been implemented.

A demo is available.

MediaStreamTrack.prototype.remote

The remote property on WebRTC MediaStreamTrack instances is now available. It can be used to determine whether a stream track is from a remote source or a local one.

ServiceWorkerRegistration.prototype.update() more spec-compliant

The update method on ServiceWorkerRegistration instances used to always bypass the browser cache. Now, it only bypasses the browser cache if the previous update check occurred over 24 hours ago.

Touch and TouchEvent constructors

The Touch and TouchEvent constructors make it easy to programmatically create Touch and TouchEvent instances from an object literal.

const t = new Touch({
	'identifier': 42,
	'target': document.body,
	'clientX': 200,
	'clientY': 200,
	'screenX': 300,
	'screenY': 300,
	'pageX': 250,
	'pageY': 250,
	'radiusX': 2.5,
	'radiusY': 2.5,
	'rotationAngle': 10,
	'force': 0.5
});

A demo with more examples is available.

KeyboardEvent.prototype.code

The code property on KeyboardEvent instances is now implemented. The value of this property identifies the physical key that generated the keyboard event, regardless of the user’s current keyboard layout. For example, the physical Q key represents the symbol q on a QWERTY keyboard layout, but represents a on an AZERTY keyboard layout — but its .code value is 'KeyQ' in both configurations.

A demo is available.

Web Audio API: .connect() chaining

The connect method on AudioNode and AudioParam instances now supports chaining, as per the spec.

Before this change, you’d write code like this:

sourceNode.connect(gainNode);
sourceNode.connect(filterNode);
sourceNode.connect(destination);

Now that can be simplified as follows:

sourceNode
	.connect(gainNode)
	.connect(filterNode)
	.connect(destination);

A demo is available.

Deprecated and removed features

Support for the non-standard CSS values intrinsic and min-intrinsic has been removed. Use the standardized values max-content and min-content instead.

Support for CSS composite-mode: darker has been removed since darker is a non-standard value.

The glyph-orientation-horizontal and glyph-orientation-vertical CSS properties for SVG elements have been removed. Use text-orientation instead, just like you would for HTML elements.

The offsetParent, offsetTop, offsetLeft, offsetWidth, and offsetHeight properties on SVGElement instances are now deprecated and will be removed in an upcoming release. Per the spec, these properties should only exist on HTMLElements. For SVGElements, you can use getBoundingClientRect() instead.

The getTransformToElement method on SVGGraphicsElement instances has been removed, matching the spec.

The SVGPathSeg and SVGPathSegList constructors have been removed. They were part of the old SVG 1.1 spec, but have since been removed from the standard. If you rely on these APIs, you’ll be pleased to hear that a polyfill is available for them.

The getSVGDocument method is no longer available on HTMLFrameElement instances. We now match the spec, which makes this method available on HTMLEmbedElement, HTMLIFrameElement, and HTMLObjectElement instances only.

The non-standard item() method on TextTrackList and TextTrackCueList has been removed. Use tracks[index] instead of tracks.item(index).

Following the recommendation in RFC 7465, support for the RC4 cipher has finally been removed. HTTPS connections that rely on RC4 exclusively cannot be considered secure anymore and will therefore fail from now on.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

Making real-time audio-visual demos

At JSConf.asia, Mathieu spoke about creative coding, bringing the demoscene to the web, and crazy JavaScript optimization tricks. He then proceeded to code an audio-visual demo from scratch, live on stage, using nothing but web standards.

Random CSS fun facts

I had the pleasure of presenting at CSSConf.asia, and used that opportunity to showcase a series of obscure CSS fun facts, such as CSS syntax gimmicks and quirks, weird tricks that involve CSS in one way or another, and security vulnerabilities that are enabled by (ab)using CSS in unexpected ways.

In case you’re into that kind of stuff, there’s some terrible CSS puns at the end. (#cssbandnames, anyone?)

Array.prototype.includes

ES2016 (previously known as “ES7”) features a new array method named includes that determines whether an array includes a given element.

// Good ol’ ES5:
var isIncluded = someArray.indexOf(element) != -1;
// Shiny new ES2016:
const isIncluded = someArray.includes(element);

Compared to the old-school indexOf approach, includes handles NaN more elegantly:

var array = [NaN];
array.indexOf(NaN) != -1;
// → false
array.includes(NaN);
// → true

includes is also available for typed arrays such as Int16Array or Float64Array.

ES6 rest parameters

The ES6 rest parameters syntax allows functions to have a variable number of arguments without using the arguments object. Unlike arguments, the rest argument is a proper array, meaning array methods can be called on it directly:

// ES5:
function sort() {
	var sortedArgs = [].sort.call(arguments);
	return sortedArgs;
}

sort('z', 'y', 'x', 'a', 'c', 'b');
// → 'a', 'b', 'c', 'x', 'y', 'z'

// ES6:
function sort(...args) {
	var sortedArgs = args.sort();
	return sortedArgs;
}

sort('z', 'y', 'x', 'a', 'c', 'b');
// → 'a', 'b', 'c', 'x', 'y', 'z'

navigator.mediaDevices

The new navigator.mediaDevices API can be used to enumerate connected media devices and to retrieve their media streams. We recommend the following:

• Use navigator.mediaDevices.enumerateDevices() instead of the non-standard MediaStreamTrack.getSources() which doesn’t support audio output devices.
• Use navigator.mediaDevices.getUserMedia() instead of navigator.getUserMedia().

More info can be found on the Google Developers blog, and hey — here’s a demo.

MouseEvent.prototype.getModifierState

We now support the getModifierState method on MouseEvent instances. It returns information about which modifier keys were pressed at the time the event was fired. Previously, this method was only available on KeyboardEvent instances. This change matches the spec and makes these APIs more consistent. A demo is available.

requestIdleCallback

The new requestIdleCallback API allows scheduling a task to run when the browser is idle. This makes it possible to perform background work on the main event loop, without impacting latency-critical events such as animation and input response.

For more information, check out the excellent tutorial on the Google Developers blog.

InputDeviceCapabilities

The new InputDeviceCapabilities API provides details about the physical device responsible for generating an event. InputDeviceCapabilities.prototype.firesTouchEvents returns whether this device dispatches touch events. All types of UIEvent now have their own sourceCapabilities property which returns the InputDeviceCapabilities associated with the physical device responsible for them.

Fetch API: RequestInit.referrer

This feature allows requests captured by service workers to match the original referrer.

By default, a captured request gets the service worker’s referrer (i.e. the service worker’s script URL), but with this feature the request keeps the original referrer.

Updated default Fetch API request flags for service workers

The flags of request objects that are passed to the service worker’s Fetch Event handler for navigation requests have been changed. Previously, these were the defaults for mode, credentials, and redirect:

{
	'mode': 'no-cors',
	'credentials': 'same-origin'
	'redirect': 'follow'
}

The new defaults (matching the spec) are:

{
	'mode': 'same-origin',
	'credentials': 'include'
	'redirect': 'manual'
}

Cache API: matchAll

Cache.prototype.matchAll is now supported. It greatly simplifies bulk searching of the cache, and allows you to get multiple matches.

Removed features

The SVG 1.1 hasExtension() methods on SVGAnimationElement, SVGCursorElement, SVGGraphicsElement, SVGMaskElement, and SVGPatternElement have been removed in SVG 2. Now, they’re removed from Opera and Chrome as well. Don’t worry — these methods always returned false and were thus of no real use anyway.

The same goes for a few SVG 1.1 SVG element methods — they no longer exist in SVG 2. So long, pixelUnitToMillimeterX, pixelUnitToMillimeterY, screenPixelToMillimeterX, and screenPixelToMillimeterY, and thanks for all the pixels! (These properties didn’t do what their names suggested in the first place — all they did was return the constant 0.2645833194255829.)

Improved text selection

Chromium no longer highlights the gaps between content when painting selections.

More extension APIs

Opera 34 adds support for the chrome.desktopCapture API, enabling extensions with screensharing capabilities.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

You can check out the full video of our talk below:

“Progressive Web Apps” is an umbrella term for modern, performant web apps that cleverly take advantage of technologies like web manifest, push notifications, service worker, responsive web design, etc. to provide a top-tier experience on mobile.

The latest high-profile “progressive web app” example is of course the recently launched Flipkart Lite website, which was presented in a dedicated session at the summit.

And if you’re into little web games, also try adding this Inbox Attack demo to your home screen: it will lock to vertical orientation, and in Opera, the game will go full screen. I’ve even added vibration events to the buttons to make it more realistic :)

Here at Opera, we’re super excited about Progressive Web Apps and the role they will play in bridging the gap between web and native. We’re hard at work to further add installation prompting in Opera for Android, and support for push notifications and more is in the pipeline. Stay tuned, and if you’re curious to learn more, check out the other videos from the summit. We want your site to be a progressive web as well!

<link rel=preconnect>

The Resource Hints standard defines <link rel="preconnect" href="…"> as a hint that the browser should predictively open a connection to the supplied server for resources that will be needed later in the loading process.

<iframe sandbox="allow-popups-to-escape-sandbox">

The allow-popups-to-escape-sandbox flag for <iframe sandbox="…"> allows a sandboxed document to spawn new windows without forcing the sandboxing flags upon them, hence creating a clean browsing context. For example, a third-party advertisement can be safely sandboxed without forcing the same restrictions upon a landing page. A demo is available.

<iframe sandbox="allow-scripts allow-modals">

From now on, sandboxed frames block modal dialogs (such as those caused by window.alert(), window.confirm(), window.print(), and window.prompt()) by default to prevent them from popping up confusing messages to users.

If you really want to allow modal dialogs inside a sandboxed frame, add allow-modals to its sandbox attribute. A demo is available.

ES6 new.target

new.target is an implicit parameter that all functions have. It is to constructor calls as this is to method calls:

• Inside of a constructor, new.target is a reference to the constructor that was used when calling new.
• Inside of a normal function, new.target is undefined.

This is useful for distinguishing at runtime whether code is being executed as a constructor or as a function. new.target may also be used as a way to determine the specific subclass that was used with new from within a superclass constructor. A demo is available.

ES6 spread operator

The ES6 spread operator ... turns the elements of an array into the arguments of a function call or into elements of another array.

// Date of the Opera 33 release.
new Date(...[2015, 9, 20]);

// Or…
const dateParts = [2015, 9, 20];
new Date(...dateParts);

For more information, read Axel Rauschmayer’s explanation of the spread operator.

new DOMException(message, errorName)

DOMExceptions can now be programmatically created as follows:

throw new DOMException('The operation could not be completed', 'AbortError');

The first parameter is a custom error message; the second parameter is a value taken from the table of DOMException error names.

Trusted events

The isTrusted read-only property of an Event instance is true when the event was generated by a user action such as mouse click, and false when the event was scripted or invoked via dispatchEvent.

This is primarily useful for browser extensions, to determine if an event was dispatched by a script running in the main world or not.

A demo is available.

history.scrollRestoration

By default, browsers restore the scroll position when a user traverses history. This behavior works well for document-style web sites but it is often not appropriate for single-page web applications where the page content may be reconstructed (often asynchronously) upon navigation and where the application wants to control the details of visual transition between UI states.

The new history.scrollRestoration API makes it possible to disable this default scroll restoration behavior, as follows:

history.scrollRestoration = 'manual';

This leaves the web developer in full control over any scroll changes that may be required when a user traverses the app’s history.

For more details, see Paul Lewis’ blog post.

WebRTC bufferedamountlow event

The bufferedamountlow event makes it possible to monitor WebRTC data channel buffers. This allows pages to use WebRTC data channels for high-throughput applications more efficiently and conveniently, by removing the need to use timer-based polling for output buffer management.

CSS.escape(string)

CSS.escape(string) serializes string as a CSS identifier. This enables developers to easily and securely do things like escaping a string for use as part of a selector. Check out the demo, and use the polyfill to maintain compatibility with browsers that don’t implement this yet.

CSS intrinsic sizing

The CSS Intrinsic & Extrinsic Sizing Module extends the CSS sizing properties with the following keywords:

• fill
• fit-content
• max-content
• min-content

These keywords represent content-based “intrinsic” sizes and context-based “extrinsic” sizes, allowing CSS to more easily describe boxes that fit their content or fit into a particular layout context. A demo is available.

Cache API updates

The Cache API as available in window contexts, web worker contexts, and service workers contexts is now restricted to secure origins (such as HTTPS) only.

The addAll method on Cache instances takes an array of RequestInfo objects, fetches them, and adds the response objects into the Cache object.

Fetch API updates

Chromium 44 / Opera 31 added support for Request.prototype.context which has since been dropped from the spec. To match the spec, support for this feature has been removed in Chromium 46 / Opera 33 after being deprecated in Chromium 45 / Opera 32.

The Fetch API also defines a redirect setter on Request instances that tells the browser how to treat redirect responses (i.e. HTTP status codes 301, 302, 303, 307, or 308). This setter is now supported. It accepts the following values:

• 'follow' — follow any redirect responses;
• 'error' — treat a redirect response as an error;
• 'manual' — don’t follow the redirect, and return an opaque-redirect filtered response which wraps the redirect response.

HTTP Client Hints

DPR, Width, and Viewport-Width hints enable proactive content negotiation between client and server, enabling automated delivery of optimized assets — e.g. auto-negotiating image DPR resolution, image size, and other optimized assets based on signals such as the client’s viewport width. For more details, see the list of use cases.

Note that HTTP Client Hints can be used alongside the <picture> element to automate resolution switching, simplify art direction, and automate delivery of variable-sized images.

HTTP Public Key Pinning reporting

HTTP Public Key Pinning, or HPKP, is a standard that allows websites to send an HTTP header instructing the browser to remember (or “pin”) parts of its TLS certificate chain. The browser then refuses subsequent connections that don’t match the pins that it has previously received.

HPKP reporting can be used to detect misconfigurations as you’re rolling out HPKP. The Google Developers blog has a very good explanation of how this works.

Performance Timeline API updates

The Performance Timeline APIs (performance.*) were previously only available in window contexts. Now they are available in web worker contexts and service workers contexts as well.

Resource Timing-specific extensions now work without the webkit prefix.

Additionally, the workerStart property on PerformanceResourceTiming instances is now supported.

Service worker updates

The matchAll() method on Clients instances now returns the clients in most-recently-focused order, matching the spec.

The update() method on ServiceWorkerRegistration instances (which shipped in Chromium 45 / Opera 32) pings the server for an updated version of this service worker registration. In Chromium 46 / Opera 33, it now returns a promise that resolves with undefined if the operation completed successfully or if there was no update, and rejects if update failed. If the new worker ran but installation failed, the promise still resolves.

Proprietary codecs in Web Audio API

Opera now supports proprietary Web Audio API codecs. It is now possible to decode MP3s, for example, if your system supports it.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

During the next few weeks, members of the Opera Developer Relations team are attending the following conferences:

• September 25–27: JSConf EU, Berlin
• September 26: CSSConf EU, Berlin
• October 5–7: Future of Web Apps, London
• October 8–9: Fronteers, Amsterdam

If you’re there, come say hi!

As always, you can track our upcoming conference cameos on Lanyrd.

ES6 arrow functions

Arrow functions enable a more succinct way of defining functions.

const numbers = [1, 2, 3];
// Let’s use the so-called fat arrow syntax:
const squares = numbers.map(x => x * x);
// This is equivalent to:
const squares = numbers.map(function(x) {
	return x * x;
});

They differ from regular function definitions in that their this and arguments objects, as well as the new super and new.target variables, are lexically bound.

Check out Axel Rauschmayer’s post on arrow functions for more information.

ES6 array and TypedArray additions

The following ES6 array features are now available:

• Array.from
• Array.of
• Array.prototype.copyWithin
• Array.prototype.fill
• Array.prototype.find
• Array.prototype.findIndex

Furthermore, TypedArray subclasses such as Int8Array and Float32Array now support existing array methods such as forEach and map, as well as the abovementioned new methods.

Object.assign()

The Object.assign() function copies the values of all enumerable own properties from one or more source objects to a target object. It returns the modified target object. This enables easily merging objects or cloning them shallowly.

const first = { 'name': 'Tony' };
const last = { 'lastName': 'Stark' };
const person = Object.assign(first, last);

console.log(person);
// → { 'name': 'Tony', 'lastName': 'Stark' };
// Note: `first` was modified too!
console.log(first);
// → { 'name': 'Tony', 'lastName': 'Stark' };

// To avoid mutating `first`, use this instead:
const person = Object.assign({}, first, last);

Touch.rotationAngle

The Touch Events specification defines a rotationAngle property for Touch instances. This value represents the rotation angle, in degrees, of the contact area ellipse defined by radiusX and radiusY.

Reduced mouse position updates

While scrolling via trackpad or mousewheel, we previously sent mouse position updates every 100 milliseconds. Each mouse position update includes updating :hover styles, and dispatching mousemove, mouseover, mouseenter, mouseleave, and mouseout events. On pages with heavy mouse handlers or :hover styles, this could cause significant amounts of scroll jank.

To counter this, we no longer send mouse position updates while scrolling. Instead, we trigger this behavior 100 milliseconds after scrolling ends.

Deprecated features

MediaStream API

The following MediaStream API features have been removed from the spec, and are now deprecated in Opera and Chrome:

• MediaStream.prototype.label
• MediaStream.prototype.ended
• MediaStream.prototype.stop() (deprecated in favor of MediaStreamTracks.prototype.stop)

CSS / CSSOM

The CSSUnknownRule interface, which used to represent an unsupported at-rule, has been removed.

CSSKeyframesRule.insertRule() is deprecated in favor of CSSKeyframesRule.appendRule().

SMIL is now deprecated in favor of CSS Animations and Web Animations.

The motion-offset, motion-path, and motion-rotation CSS properties as defined in the CSS Motion Paths specification allow web pages to animate graphical objects along paths. Check out the demo.

DOM

DOM Attr instances (which represent attributes) now no longer have child nodes, matching the DOM spec.

The non-standard compareNode() and expand() methods on the Range interface have been removed.

document.charset is a non-standard IDL attribute supported by all engines except Gecko. There is a proposal to standardize it. In order to simplify standardization, document.charset has been made readonly, as a simple alias of document.characterSet.

Support for the filterRes attribute for <filter> elements has been removed in order to align with the spec.

Finally, at the Web Components F2F meeting in April 2015, it was decided that support for multiple shadow roots should be dropped from the spec. Chromium now logs a deprecation warning whenever an element hosts multiple shadow trees:

const div = document.createElement('div');
const shadowRoot1 = div.createShadowRoot();
const shadowRoot2 = div.createShadowRoot();
// Logs a deprecation warning.

Another result of that meeting is the deprecation of >>> / /deep/ and ::shadow pseudo-elements in dynamic profile. When a >>> combinator (the shadow-piercing descendant combinator formerly known as /deep/) is encountered in a selector, Chromium now replaces every element in the selector match list with every element reachable from the original element by traversing any number of child lists or shadow trees.

CSP2 self

In Content Security Policy Level 2, the 'self' source expression explicitly excludes the blob: and filesystem: schemes. If you wish to include content at those URLs in your pages, update your CSP directives to explicitly include those schemes.

CSSGroupingRule

The CSSOM CSSGroupingRule interface represents an at-rule that contains other rules nested inside itself. Per spec, CSSMediaRule and CSSPageRule inherit from CSSGroupingRule.

Service worker updates

Client.id

We now support the id property of a Client instance. Its value is a GUID allowing service workers to track client objects between termination and restart.

Client.postMessage and ServiceWorkerMessageEvent

Before Chromium 45, a Service Worker sending a message via Client.postMessage() resulted in a MessageEvent fired on the Client’s global scope (e.g. window). Since Chromium 45, the event is a ServiceWorkerMessageEvent fired on navigator.serviceWorker rather than window. Client.postMessage is now no longer considered to be an experimental feature.

ServiceWorkerContainer.getRegistrations()

The getRegistrations method on ServiceWorkerContainer instances returns all service worker registrations for the current origin.

ServiceWorkerRegistration.update()

The update() method on ServiceWorkerRegistration instances pings the server for an updated version of this service worker registration without consulting caches.

NotificationOptions.vibrate

The Notifications API spec defines a vibrate property on the NotificationOptions dictionary, which allows web developers to specify a vibration pattern for a notification.

Subresource Integrity

Subresource Integrity defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. In a nutshell, metadata inlined as HTML attributes allows the browser to determine whether the resource that was downloaded matches the resource the page’s author expected to download. Chromium now supports SI for <script> and <link rel="stylesheet"> elements.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

As always, this means a trade-off between experience and speed. Some sites may render differently, and some JavaScript won’t function as you expect. (Read more about Opera Mini and JavaScript and Making websites that work well on Opera Mini.)

High-compression mode

This release adds a new compression mode we’re calling “High-compression” that is fully web-compatible. (You can turn this on by tapping the red “O” and choosing “Savings mode” next to the Savingsometer.)

This new mode preserves layout and JavaScript. In High mode, you can expect about 30% to 50% compression (it can be a lot more than 50% depending on your browsing habits). This is accomplished by the power of Snowdoo, a Scandinavian form of voodoo. All page assets are proxied through our servers and “squished” before they’re sent to the device, resulting in a smaller — and therefore faster — download. HTTPS pages are not proxied in this way.

The actual rendering depends on the WebView component on the Android device. Older devices will have a WebView based on WebKit; more recent devices are Chromium-based, and from Android L, the WebView component is auto-updated.

Modes in other Opera products

Other Opera products have user-selectable rendering modes. See Opera Browsers, Modes & Engines for more information.

Fun fact

In beta versions of Opera Mini 11 for Android, High mode was on by default. We changed it after feedback that sites appeared “broken” because they didn’t render as people had come to expect from Opera Mini. It’s a good reminder that regardless of how you think your sites should look, your users know best; it’s their browser, and their choice.

CSS multi-column layout

Chromium now includes a brand new implementation of multi-column layout by Opera engineer Morten Stenshorne, solving historic issues with incorrect column balancing and interaction with compositing (hardware-accelerated layers). While it might have been possible to solve that in the old implementation, there was another big problem with the old implementation, code-wise: it needed a lot of hooks and special code in central layout code. The new implementation gives better support, and cleaner code that’s easier to maintain.

Note that for now, the -webkit- prefix is still required when using column layout-related styles.

A multi-column demo is available.

document.scrollingElement

Browsers disagree on whether html or body reflects the viewport for scrollTop et al. Some sites are using UA sniffing to decide which to use. Browsers want to align and use html (in standards mode), so sites that UA sniff need to be changed. To assist with this transition, Chromium now implements the document.scrollingElement API. Developers can now use that, falling back to a polyfill or whatever solution they were using previously.

See Simon’s write-up on fixing the scrollTop bug for more background.

ES6 computed property names

ES6 computed property names enable specifying properties in object literals whose names are the result of expressions rather than just hardcoded identifiers or strings.

const prefix = 'foo';

const object = {
	[prefix + 'bar']: 'Hello',
	[`${prefix}baz`]: 'world'
};

`${object.foobar} ${object.foobaz}!`;
// → 'Hello world!'

ES6 Unicode code point escapes

Unicode code point escapes such as \u{1F389} are now supported in string and template literals. This way, any symbol can be escaped using its Unicode code point.

Before ES6, JavaScript supported the so-called “Unicode escape sequences” of the form \uXXXX which only allowed up to 4 hexadecimal digits. Code points requiring more than four hexadecimal digits, (such as the immensely important party popper emoji), had to be represented using UCS-2/UTF-16 surrogate pairs.

// Let’s represent the U+1F389 PARTY POPPER Unicode symbol
// in a JavaScript string using escape sequences.

// In ES5, we’d have to calculate the surrogates manually,
// and use two separate escape sequences:
console.log('\uD83C\uDF89');
// '🎉'

// In ES6, we don’t have to calculate anything — we can
// simply use Unicode code point escapes:
console.log('\u{1F389}');
// '🎉'

Cache.prototype.add(request)

The add method on Cache instances is now supported. add takes a RequestInfo object, fetches it, and then adds the resulting response object to the cache.

Request.prototype.context

The read-only context property of the Request interface contains the context of the request (e.g. 'audio', 'image', 'iframe'). This indicates what sort of resource is being fetched.

The context of a request is only relevant in the ServiceWorker API. A service worker can make decisions based on whether the URL is for an image, or an embeddable object such as a <video>, <iframe>, etc.

Web Audio API updates

Matching a change in the Web Audio API specification, the buffer property of an AudioBufferSourceNode can no longer be set more than once. This protects developers from the lack of control over when the new source starts. Previously (as of Chromium 42 and Opera 29), if the buffer property is assigned to more than once, a deprecation message was logged to the DevTools console. Now, doing so throws an error.

The channel order of ChannelMergerNode is now static after instantiation, matching the latest spec. This change addresses various issues with the previous implementation.

What’s next?

If you’re interested in experimenting with features that are in the pipeline for future versions of Opera, we recommend following our Opera Developer stream.

On Friday, Microsoft invited me to speak about installable web apps at their first JavaScript Open Day: I talked about various exciting recent additions to the web stack, such as Service Workers and device APIs, and of course also “add to Home screen”, which we’ve previewed in a labs build last week. You can find a video of my talk below.

On Saturday, it was time for Edge Conference, which is a “day of group discussion and debate on advanced web technologies for developers and browser vendors.” I moderated the “installing web apps” breakout session, which turned out to be an excellent one hour discussion with various browser representatives and mobile web developers, covering “add to Home screen” functionality, its UX, permissions, OS integration, and much more. It got the best rating of all Edge sessions, so you can tell we had a blast :)

For those interested, Bruce’s raw notes of the breakout are available on Google Drive and here’s an image of the session as well.

As a final note, we’d be very interested in talking to any developers who are implementing add to Home screen, Service Workers or Push Notifications on real, commercial websites, with a view to publishing an article on Dev.Opera (we even pay!). Tweet us at @ODevRel.

Today, we’re excited to release a special labs build of Opera for Android with an experimental new feature, called “Add to Home screen”, which you can find when clicking the small plus button on the left of the address bar.

When a user clicks “Add to Home screen” after loading your site in Opera, a shortcut to your site is placed on the Home screen of their device, allowing for direct access and increased visibility.

There is more though: “Add to Home screen” also supports the new Web Manifest spec, which means that a website added to the Home screen can be configured to open with a particular UI mode, orientation and more. It’s even run as a separate process, just like a native app. We call this “Installable Web Apps”.

Why?

We’re very excited about Installable Web Apps, as it bridges the gap between native and web apps in a most elegant way: it allows you to build applications using the full web stack that run in the browser as well as outside of it, without sacrificing crucial functionality like hyperlinking, and without the need for app stores or gatekeepers.

If you want to read more about why this is an exciting evolution, Alex Russell of the Google Chrome team has an excellent write-up called Progressive Apps: Escaping Tabs Without Losing Our Soul that explains many of the advantages from both a developer and a consumer perspective.

Here are two more that appeal to us:

No update distribution lag

With a centralised app store distribution model, the user receives a notification that a new version of your app is available; they download it and install it. However, in many parts of the world, data is expensive or WiFi is a luxury, so people don’t update over their mobile connections. This means that outdated versions of your app continue to be used long after you’ve released an update. If the outdated version has a security flaw, this is a problem.

With Installable Web Apps, the app is actually on your web server, so the instant you update it, everybody gets it, at the time they need it — there’s no update distribution lag, and the user isn’t wasting their precious data to download a complete new version of your app.

Less storage space required

The average app user has 36 apps on their smartphone (PDF). 25% are used daily (social/comms/gaming); 25% are never used.

Those occasionally used apps are taking up a lot of storage on a device that may be inexpensive and therefore have little space. We know from the 2015 Google I/O keynote that

Over a quarter of new Android devices have only 512 MB of RAM

and, according to Techrepublic,

Internal storage is particularly important, because this is where your apps are stored. If you buy a budget or entry-level phone, you’ll probably find around 512 MB of internal storage. With this low amount of storage, you’ll only be able to install a few apps.

Installable Web Apps only store an icon, a text-based JSON manifest and some cached data on the device, which is likely to use less storage.

Installation mechanisms

In this labs build, site visitors can add a website to their Home screen by tapping the + icon on the left of the address bar.

In a future release, we’ll make it more discoverable: under certain circumstances Opera will prompt the user to add the site they’re visiting to the Home screen.

Defining icon and start-up characteristics

To make your site “installable”, you need to declare some characteristics in a special manifest file, and make sure it’s served over HTTPS. If it’s served over HTTP or the manifest is missing, a shortcut is placed on the Home screen, but you don’t get a real installable app, display modes and orientation settings don’t take effect, etc.

Spec author Marcos Cáceres and Bruce documented what goes in the manifest in an HTML5 Doctor article called HTML App Manifest.

You can check out the one we made for Dev.Opera on GitHub.

Display modes

The specification defines display modes: in essence, these are different ways to show your web app.

Opera for Android supports

• fullscreen — the app will take all the screen; hardware keys and the status bar will not be shown. Note, this is not the same as HTML5 fullscreen mode.
• standalone — no browser UI is shown, but the hardware keys and status bar will be displayed.
• browser — the app will be shown with normal browser UI, ie. as a normal website. Note that custom orientations are not yet supported in this mode.

The minimal-ui mode is not supported; it falls back to browser as the spec requires.

Navigating outside the app’s scope

If the user follows a link that takes them outside the domain of an installed web app, the browser will flash 68 times, the device will vibrate like a walrus possessed by Satan and a klaxon will sound. Just kidding! In that case, the externally linked site will open in a new tab in Opera, showing the address bar, so you know where you are.

Conclusion

At Opera, we’re excited to promote Web Apps to be “first-class citizens” on Android devices and beyond, with visibility alongside native apps; we love the Web and we want to see it thrive.