Wednesday, September 19, 2018

Safari 12

John Gruber:

My favorite new feature today, of course, is the ability to show website favicons in Safari tabs — a feature now available in Safari 12 and iOS 12. They’re off by default, but the way they work on Mac, iPad, and iPhone is just perfect.

This is great.

Ricky Mondello:

I’m going to highlight a few iCloud Keychain, Safari, and WebKit features and improvements that mean a lot to me. (Thread…)


While you’re in Safari 12’s preferences on macOS, stop by the Passwords pane, which has a new look and a feature to show you where you’re reusing passwords.


The link to change your password for a website through iCloud Keychain on iOS 12 and Safari 12 allows for web developers to help streamline the password change process.


If you’ve ever had a website insist on using a pop-up window to do something important, you’ll appreciate Safari 12’s new affordance for allowing a blocked pop-up from a website.

Dan Moren:

Firstly, Safari no longer supports extensions cryptographically signed by developers themselves. The browser also implements a new Safari App Extensions API, which doesn’t have all the features of the previous, now deprecated extension API, causing some developers to cease work on extensions.

Howard Oakley:

There is, though, a worrying anomaly in Safari 12’s handling of plugins. XProtect is the tool which determines the oldest version of vulnerable plugins such as Flash which are permitted to operate. With Apple’s six-month neglect of updating the XProtect database, macOS and Safari 12 currently tolerate six-month old versions of Flash and other vulnerable plugins.

hax (via Hacker News):

Per my testing, the bug is due to the optimization of array initializers in which all values are primitive literals. For example, () => [1, null, 'x'] will result in such an array; all returned array references from this lambda will link to the same memory address, and some method like toString() will be cached. Normally, any mutable operation on such arrays will copy the data to a separate memory space and link to it; this is called copy-on-write, or CoW for short.

The reverse() method mutates the array, so it should trigger a copy-on-write. Apparently, it no longer does so, which causes the bug you’re seeing.

Previously: Ghostery Lite, Safari Should Display Favicons in Its Tabs, Intelligent Tracking Prevention 2.0.

Update (2018-09-27): Chris Nebel:

Notice Safari launching faster in macOS #Mojave, especially if you have a HDD? You’re welcome.


1. Safari no longer loads a redundant listing of all your LocalStorage databases at launch. This could take several seconds on an HDD.

2. Safari now only spawns WebContent processes at launch for tabs that are visible. This is a big deal if you have State Restoration on and leave lots of tabs open; it saves around half a second per tab on an HDD.

Update (2018-10-03): William Tsing:

“Safari turned off extensions that slow down web browsing.” In the most literal sense, this is true.  Browsing without any extensions at all would most likely be fractionally faster. This is not why Safari turned them off, however.

“You can find newer extensions in the App Store.” This is literally true. But can you find newer versions of the specific extensions referenced? Who knows? The extensions in the screenshot at the top were most likely turned off because they did not come from the extension gallery to begin with, and only one had a new app extension available at time of writing.

Apple does not communicate any of this via the dialog box.

4 Comments RSS · Twitter

I guess there also are improvements in the new Safari App Extensions API, but if you rely on extensions like Ghostery and uBlock Origin you will probably not enjoy where this is heading. Right now you can still activate them again (they are automatically inactivated after the update) but the writing is on the wall. Ghostery is preparing a simplified version – Ghostery Lite – but as the name suggest I assume it won't have all the functionality of the current extension. As for uBlock Origin it does not seem to be any work done (or if it is even possible) to port it to the new API.

@ AdrianB - There are multiple extensions in the Mac App store that do the same thing as Ghostery or uBlock Origin - blocking ads and trackers. And they all use the same blocklists as uBlock (basically). I personally use 1Blocker, which is a little bit more on the pricy side but has been around for a long time and has a decent reputation, but some of those Safari extensions go for as little as 2 USD.

Yeah, I'm already using 1Blocker for iOS and I know there are others as well, but do the really work as well and are the able to the exact same things as Ghostery and uBlock Origin specifically?

I was under the impression that there are limitations to what these MAS extensions can do, compared to the ones that where using the old javascript API. (I don't know exactly what though, I think I read something about not being able to subscribe to updated blocklists.)

Also, there seems to be a lot of users that thinks uBlock Origin is currently the best one out there.

I am much more interested in the "Webkit" improvements, i.e HTML / CSS features, Javascript and Rendering Performance improvement than the user features from Safari 12. The Webkit team promised that will blog about it later.

Leave a Comment