Opera's site patching
By Hallvord R. M. Steen. Tuesday, 7. April 2009, 22:55:44
You know the complexity of web technology is getting out of hand when every website needs some special treatment. Imagine driving a car if you had to change the engine slightly or replace wheels every time you turned a corner and entered a new street? Browser development is a lot like that these days.
Nearly every modern browser has site patching features, to grease the wheels where the nuts and bolts of standards are exposed to the unpredictable elements of the web:
- IE8 shows sites on the compatibility list in IE7-mode
- Google Chrome spoofs on Hotmail
- Safari has obscure, un-documented site-specific hacks
- Firefox apparently only has the User Agent switcher extension - but it is extremely popular in spite of its niche audience.
- Opera has user agent spoofing and browser.js
Treating every site differently? That sounds insane. It's clearly impossible. For starters, there are billions of websites, all different. And they keep changing with millions of lines of code being added or changed every day. Who can possibly keep up with that? Besides, aren't standards supposed to be the answer?
Standards
I commend the standardisation efforts and the evangelists at The Web Standards Project and elsewhere. Without you we would be far, far worse off. The future might even be on your side - more and more sites validating and cleaning up their standards story. Power to you!
Various Opera teams take part in the standards work too, including doing education and outreach. Our Open The Web team contacts web sites with advice on cross-browser compatibility and standards compliance.
But the browser is the user's agent. Across all sites breaking the rules and standards in different ways, we owe the user to do anything we can to make them all work whenever possible. Often a broken site is not our fault, but it's most definitely our problem. And we must make it work today. Not in 2022..
Hence, we patch.
Since we see various more or less ad-hoc approaches to site patching develop among our fellow browser vendors, it seems like a good time to share some of our experiences - what I think are the strengths and constraints of our particular implementation.
Strengths
Experience
Opera has more experience with site-specific patches than other browser vendors, since we've been patching the web since Opera 8.01. I believe our solution is also by far the most advanced one. Special commands available to User JavaScripts make up a simple yet powerful API for modifying and correcting a website. With getters and setters and DOM interfaces we can change Opera's behaviour to match most standard deviations the script expects. Sometimes we add a specific missing style or even remove some object or policy that gets in the way. And when a web site uses browser sniffing we can often dig in and repair the exact line of code that is broken! Some random examples:
- We can add the single missing class name when AOL Japan abuses browser detection and doesn't apply correct styles, and correct AOL webmail's spelling mistake when they spell dojoType as dojotype.
- We can fall back to a graceful postMessage() call when E*Trade tries to violate the security policy against navigating another site's frame when it loads encrypted content
We can also override settings like what browser we identify as and what rendering mode (quirks or standards) we should use for a specific site through downloadable preferences.
Bugfixes
Given the power to change websites and change Opera, we can sometimes even work around our own bugs.
- When the menu on weather.com disappears because mouse events happen in the wrong order, I can re-order them
- When search results on Google Codesearch appear as white-on-white I can re-style them
Now there's a thought. Opera - the browser that works around its bugs so you don't have to? This is like a time machine - we can fix our past sins for already released versions.
In the long term, this is a very important and subtle effect of browser.js: there will be less Opera-specific hacks to worry about. Both IE8's upgrade woes and our own experience tells us that workarounds against our own old bugs are among our worst problems. We did the wrong thing, sites did the wrong thing in response. We fixed it on our side, but the web never forgets your old bugs.
The difference with browser.js? When we release a new version with bug fixes, corresponding browser.js patches are secretly dropped as obsolete. What used to work because of browser.js hacks keeps working because the new version supports it, making the upgrade experience smoother for users and web developers alike, and a lot simpler for us. I can almost feel the envy of the IE8 team across the Atlantic.
Another interesting effect is that we can implement new standards with less worries. When HTML5's <input required> feature breaks Barnes & Noble because the user name field in the login form isn't really required input after all when you click the "create account" button - we can first patch it, and later tell the spec editor about our problems and discuss if the spec can be made more web-compatible.
Transparency
From the very beginning, one of the main concerns was that our fixes would prevent webmasters from finding and correcting problems. We might even end up creating problems if our patches linger on while the site changes.
To make things as transparent as possible, the patches are documented, we try to keep the file itself readable and reasonably well commented (though we also try to avoid unnecessary download bloat). And every patch applied will output a message in Opera's error console trying to make it obvious what is going on.
Scope
Site patching is cross-platform. Actually, that's an understatement. Did you know we have site patches for Nintendo Wii? And for the DSi? For Opera on Windows Mobile, Symbian, BREW and Archos's portable media players? Heck, we even have patches for Opera Mini!
- When Hotmail and Yahoo mail require rich text editing to compose E-mail we can fake rich text support even on devices with input and CPU limitations where rich text support is impossible
- If Facebook's fancy animations take too long to run for the Opera Mini server - it needs to pass content on to the actual client after all - we can cut them short and yet perform the important actions Facebook saved for the end of the animation.
It's an ambitious scope, probably much more ambitious than it might seem from the outside. The devices and platforms have very different requirements and problems. For example:
- On the Wii we have a minimum font size to keep things readable - but this often causes unexpected widths, wrapping and repositioning content in ways that don't happen on a Desktop browser. We patch several sites that have too rigid positioning to accomodate a slightly larger font size.
- Using an on-screen keyboard on the Wii and many mobile phones means the window resizes itself every time you focus a form element - to make room for the keyboard. When British Airways re-loads the booking page every time you resize it, booking a ticket with a virtual keyboard becomes pretty hard...
- ..and when eBay in France tries to count your keydown events to make sure you don't cheat and paste your e-mail address into the registration form's "re-type E-mail" field it won't work with on-screen keyboards either. Some of them just don't support key events. Come on eBay, I really did type it in. I mean, REALLY! On hardware where cut-and-paste isn't even AVAILABLE!...
When dealing with such a range of problems the true and magic potential of browser.js becomes apparent.
Infrastructure
To support all this, we need some nifty download servers picking the correct file for any client that asks for one. We have a database of patches and meta data like what versions and platforms a patch applies to. But did you know we also have a script spidering sites to check if broken parts are still there? When a patched site changes a relevant piece of code, I want to know about it. I love the sound patches make when they hit the virtual "obsolete" bin.
Constraints
Time
So much power, so little time.. Analysing sites and developing patches takes a lot of time. We are nowhere near IE8's overwhelming list of 2400+ sites. (Actually, browsing the IE8 list is a Déjà vu experience. Many familiar names, many sites we need to patch or contact for various reasons too.)
Nevertheless, our list is shorter - fortunately! Technical analysis with the level of detail required to support our site patching can be very time consuming, so I hope we'll remain smaller and more focused than the IE list. We will however scale the efforts up - we're at 600+ entries in the database and there is room for plenty of more - and we welcome contributions.
Performance
I just said there is room for plenty of more patches. But how far can we scale site patching before performance suffers too much?
Apparently we can keep going for quite a while. Some profiling work we did recently indicates that we can patch upwards of 10 000 specific sites without slowing Opera down by more than a couple of percentage points. And frankly, by the time we've written patches for 10 000 sites you've probably bought a more powerful computer..
Security
Isn't it unsafe? Can't a virus or malicious server fake your browser.js file and gain instant control of your Opera browsing?
The short answer is: no.
The longer answer is that this would be possible without our security precautions, but it is in fact all taken care of. Every file is signed, so Opera can check that it is a genuine file and that it has not been tampered with. Such a signature is very, very hard to fake. If a malicious server or virus alters the file, Opera will stop using it and try to download a fresh version from the server.
Conclusions
One of the things that surprised me most about browser.js work is how quickly the web changes. By paying such close attention to specific sites we see the web as a whole evolve, and it's iterating faster than I would have dared to expect. And contrary to what you might expect, we do see sites change to become more Opera-friendly after we've patched them!
That means site patcing works. It works because it improves compatibility, thereby giving users a real choice in browsers and - as weird as it may sound - as a direct effect of that, it gives webmasters incentives to make sure their sites are Opera- and cross-browser-compatible.
Welcome to the future - made of and with standards, openness and site patching.
About the author
Hallvord R. M. Steen works for Opera's core team on quality assurance, testing and web compatibility. He maintains the browser.js file and can break all websites worldwide with a minor typo.
WIDGETIZE
Chas4 # 8. April 2009, 00:14
I did not know about the ones for the Wii or Opera Mini
zibin # 8. April 2009, 03:44
Robin_reala # 8. April 2009, 10:37
hallvors # 8. April 2009, 12:09
mvonballmo # 8. April 2009, 13:42
remcolanting # 8. April 2009, 14:04
netwolf # 8. April 2009, 19:56
What I'd like to know is: is there some kind of changelog of the browser.js file?
Aux # 8. April 2009, 20:09
zoquete # 8. April 2009, 20:19
opera:config#UserPrefs|BrowserJavaScript 0
hallvors # 8. April 2009, 22:51
netwolf: we don't do changelogs at the moment, no. Getting something organised would be quite trivial if there is interest.
zoquete: the Web would certainly be a better place if such solutions were not required. If you don't need browser.js at all I admire your exquisite taste in websites
However, we're actually not going to get interoperability magically delivered by remaining marginalised because sites don't work in Opera. That creates a vicious cycle of low usage share, no web developer testing, broken sites, even lower usage etc.
zoquete # 8. April 2009, 23:07
I really don't need it.
zoquete # 8. April 2009, 23:27
If (page code invalid --> display blank page with warnings) 8-)
Chas4 # 9. April 2009, 00:53
zoquete # 9. April 2009, 01:04
Chas4 # 9. April 2009, 01:17
jerobarraco # 9. April 2009, 03:41
asp says it "smartly" writes the page depending on the site, i say. if it's smart, then is doing it to NOT work on opera.
just change the identification and you'll notice.
patches shouldnt exists. we are in 2009 for crhist sake.
html is well known all over the planet, how can still be something that depends on browser implementations?
standards should be that, standards.
thumbs up for opera.
Chas4 # 9. April 2009, 04:38
I know we are in 2009, tell that to the people who are still writing IE only code, and have not switched to web standards code
This is from a few years ago http://www.opera.com/press/releases/2003/02/14/ But it still goes on. The other minor browsers are hit the hardest by the non web standard code
The site patches are there to fix the bugs until the web master fixes them. hallvors has a good post here.
An average non-tech savy computer user will not use a site if it breaks in any browser. They don't know or care (usually) whose side the bug is on all they need is for the site to work.
I have hotmail open in Opera for about 10 hours a day and it works fine because of the browser js and masking as ff to get around the browser sniffing. Sniffing is only useful for stats and if you have very strict security for sensitive data.
zoquete # 9. April 2009, 11:31
I remember the release
hallvors # 9. April 2009, 11:31
HOWEVER, technical errors are NOT for "normal" end users. My mother uses Opera. She absolutely detests the number of interruptions from her computer - warnings, upgrade notifications, sudden popups appearing and disappearing. She regularly calls me because the computer pops up "something" she can't understand.
Error messages of any kind are best directed at those who can do something about them. End users will only get frustrated.
So no, any suggestions involving not displaying invalid sites is extremist nonsense. I'm not going to punish my mum by refusing to show her web content for some web developer's stupidity or an authoring tool's bugs.
hallvors # 9. April 2009, 11:48
remcolanting # 9. April 2009, 15:11
Perhaps a list of UAs then? Or even better: the (part of the) script that parses the UA into the different versions?
Of course I could try all UAs from Opera 8 and up but that's a *lot* of UAs and they'll probably get me a lot of duplicates. Having an idea of what you version them for would really help, like every 9.2X gets the same, every 9.5X gets the same, etc.
Too put it simple, I'm asking for the tools to create my own list of UAs to use. The ones I know nothing about like the Wii/DS/DSi are the most important to me at the moment.
FataL # 9. April 2009, 17:11
Chas4 # 9. April 2009, 17:44
hallvors # 13. April 2009, 15:52
I'd like those changes in but I don't know right now if it will happen.
hallvors # 13. April 2009, 16:00
Don't think I've ever been translated to Russian before. I'm honored
Also, nobody commented on this article's "Easter eggs" yet..
Chas4 # 13. April 2009, 16:26
zoquete # 13. April 2009, 16:49
FataL # 13. April 2009, 17:00
hallvors # 16. April 2009, 22:48
Chas4 # 16. April 2009, 22:56
I read them all very funny. The fb one is so tru lol
Keldian # 19. April 2009, 20:22
By the way, I wished this article to be available for non-English speakers, so I took the time to translate it to Spanish, in a Chilean site I always visit:
http://www.chw.net/foro/webmasters-f91/238726-parcheo-de-sitios-en-opera.html
Greetings.
hallvors # 23. April 2009, 17:10
fearphage # 17. May 2009, 03:18
Originally posted by core:
This is generally not used in a way similar to site patching. This is often used for nefarious things like changing the useragent to the googlebot UA so you can go into forums without logging in and browse subscription content for free... since most people want their content indexed. And about your comment, opera doesn't have this functionality built in. Can you event add additional useragents in opera? even by hand (.ini)? The firefox ua changer allows you to hand-type your user agent... completely custom.Originally posted by hallvors:
quoted for truthery (emphasis by me)hallvors # 20. May 2009, 21:19
No, you can't. Thanks for pointing out that the Firefox UA switcher allows it - interesting!
fearphage # 22. May 2009, 07:33
Originally posted by hallvors:
Where is this on the list of priorities? Opera's engine is great but it has many small issues. All these small issues keep adding up though. I've been filing bugs against the js engine for ages. Opera is currently a hostile web development environment. One would assume this would bother some people. A poor debugging/web development experience influences browser support/compatibility as well. Do the core developers realize this? Are the people that actually decide what bugs get fixed aware of this? You, I and others end up debugging and patching things in Opera as a 3rd party because it is literally a pain in the ass to debug in Opera. Non-informative error messages (more*) (another), silent failures, falsified errors (more), malformed errors, inconsistent messages, and usability** issues*** make developing and debugging more than inconvenient in Opera. It's a proper hassle. I support Opera every single day. Sadly, I don't feel like the core team is returning the favor.* This error has shown that it is being worked on but I hope work is not complete. It still has a ways to go.
** The original bug number for this was #295663 (before jira)
*** I had to file this one again as i can't find a bug number for it in my stash.
hallvors # 9. June 2009, 11:41
Still a problem, considered a bit of work to fix
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=794
Confirming the part about not giving the script number. The rest of this report seems to be mostly complaining about issue #71 (first link above).
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=283 (CORE-9489) - still a problem
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=318 (CORE-10884) - This one seems fixed. At least with the TC we have internally, the stack trace is complete. There may be other scenarios that still break - seen it lately?
https://bugs.opera.com/browse/dsk-252356 (CORE-21729) - still an issue
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=800 (DSK-253048) - basically invalid, what happens is that the mouse event is sent to the document and not the window.
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=782
Assumed fixed internally.
http://files.myopera.com/fearphage/screenshots/lies.png
Can you suggest a better wording for the "intranet redirects to WWW" scenario?
hallvors # 9. June 2009, 12:24
(CORE-16246) - still an issue
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=662
(CORE-17046) - still an issue. I think it's quite minor though.
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=706
- just fixed internally a few days ago
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=258
- this is also solved (though the ellipsis part is not, it's now CORE-21732 - very minor though)
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=440
Now considered a dup of CORE-21733
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=673 - can't reproduce
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=809 - I think this feature request is best served by Dragonfly development
http://opera.remcol.ath.cx/bugs/index.php?action=bug&id=808
UI issue
hallvors # 9. June 2009, 12:39
Absolutely. And I hope it's starting to change with Dragonfly - as the core versions progress and Desktop picks up the changes, Dragonfly is going to get more and more powerful. Built-in automated testing for web application developers is coming with Watir support.
Error reporting is seeing some work and changes too. The developers just cooked up a small feature you're going to like even though you haven't even asked for it
Anyway, this is a bit off-topic for the article so let's stop.
:-p
netwolf # 9. June 2009, 12:48
Originally posted by hallvors:
But it sounds interesting, so carry on...
FataL # 9. June 2009, 16:09
Thanks Hallvors!
fearphage # 9. June 2009, 20:54
Originally posted by hallvors:
SWEET! That's the kind of awesomeness i like to hearEDIT: Whoa! Just read the rest of your posts. I only saw the last one at first. Consider me impressed and very, very appreciative
Chas4 # 23. July 2009, 23:59
BS-Harou # 4. September 2009, 19:16