The Opera web browser consists of two components, a platform independent core (or rendering engine), and a user interface component. Opera share the same user interface across all mainstream desktop platforms such as Windows, Mac and Unix systems, minor differences can still be found between them though. On other devices such as mobile phones, TVs, interfaces are typically smaller and less feature rich.
Most of the security mechanisms in Opera are focusing on SSL and scripting.
SSL related
- Opera use a padlock with 3 grades for signaling the encryption strength of the site (level 3 is highest - strong encryption).
- On a secure page, Opera will display the name of the organization and country of origin in the location bar, next to the padlock. This is the information as given in the certificate
- The background color of the padlock/organization name gives an indication on the security level.
- Opera puts special restrictions on mixing content from secure and insecure servers. In such a case the page is considered insecure.
Scripting related
- Window object restrictions
- scripts cannot open windows out of sight or too small
- scripts cannot close windows not opened by the same script before
- scripts cannot access other windows
- Cookies
- scripts cannot access cookie data from other sites
- Location
- scripts cannot read what locations a user has visited
- AJAX (XMLHttpRequest) can only connect to the same host as the page was retrieved from.
- Scripts cannot be used to set the value attribute of a file input (file upload).
- Locationbar and status bar cannot be disabled for popups.
Miscellaneous
- script generated pop-up dialogs, and authentication dialogs are tab-aware. They will only appear over the related tab, if the tab in question is not the active one, the dialog will not appear until the tab is activated.
- Opera is configured to "block unwanted popups" by default (window.open as a result of a click is typically wanted).
- When a javascript alert() dialog is displayed, you have an option to disable scripts on the page.
- Since Opera 9.10 Opera has a built-in phishing filter which will give you a warning before allowing access to a suspected phishing site.
- Opera will check for browser updates weekly and suggest upgrading when a new version is available.