Safari 10 brings fast, native App Extensions to the macOS browser, web content
Building on work completed last year to enable Web Content Blockers, Apple's new Safari 10 enables a wide range of native code App Extensions that users can automatically obtain and update through the Mac App Store, contributing to faster performance, enhanced security and better reliability.
Safari 10 for macOS
Back in 2010, Apple introduced a Safari Extensions Gallery for Safari 5.0, enabling developers to build extension plugins for Safari using web standards such as CSS and JavaScript.
Safari 5.0 Extensions Gallery
Safari 5.0 Extensions provided a way for third parties to add buttons to the Safari toolbar, make a new extension bar, change the way web content appeared or add controls to web pages. The architecture also supported digital signing so that developers could verify where a particular extension originated and prove that it hadn't been tampered with.
Apple helped third parties distribute their Safari Extensions in a Gallery which acted like a web-specific App Store for both perusing new extensions and obtaining updates. Building these extensions in web standards enabled them to work across platform; at the time Safari was being developed for both OS X and Windows.
However, a couple years later, Apple abandoned Windows support in 2012's Safari 6, effectively delegating the task of maintaining a WebKit browser to Google's Chrome and similar projects. That opened the door to the idea of building Safari Extensions using native Objective-C or Swift code for performance reasons.
In 2014, Apple introduced App Extensions, a new architecture for building app components that could be distributed with an app, and designed specifically to add insert new functionality into core OS features on both iOS and macOS.
Creating an App Extension requires Apple's support for creating an Extension Point in the OS that developers can build upon. The initial Extension Points Apple introduced in 2014 included system-wide Share Extensions (adding new social network sharing options), Photo Editing Extensions (extending the features of the Photos app), Today Extensions (supporting widgets) and Custom Keyboards specific to iOS.
The following year, Apple introduced Content Blockers as a new class of App Extensions specially targeting Safari, supporting the ability to prevent the downloading of any defined content, including display ads, images, navigation elements, popups, scripts, fonts, style sheets, media files, cookies, or essentially anything on a web page.
On both macOS Sierra 10.12 and today's El Capitan 10.11.5 (when Safari 10 is installed), Safari will support App Extensions built from a combination of JavaScript, CSS and native code written in Objective-C or Swift.
Like previous App Extensions, the new architecture defines a broad Extension Point for Safari that allows third party developers to add new functionality to Safari, both to read and modify web page content (such as translating text into another language) and to communicate back and forth with a native app to integrate app data into Safari or to get web data into an app.
Developers can extend the Safari user interface by adding a toolbar button to execute a command or display a popover window, add a contextual menu item, inject a style sheet that alters how web pages are presented (such as modifying fonts used or text sizes), or inject JavaScript that changes how a page behaves or enables it to communicate with the app extension.
Unlike previous Safari Extensions, the new App Extensions can communicate securely with a developer's app using shared resources, as depicted in Apple's developer documentation (portrayed below).
More importantly, the new App Extensions architecture enables developers to distribute Safari Extensions as part of their app through the App Store. That means users won't have to go looking for a plugin from an independent "Gallery" on the web.
The "Safari Extensions..." menu in macOS Sierra now launches the Mac App Store, which will present apps that include an App Extension for use in Safari. For developers, moving their existing Safari Extensions to native App Extensions is designed to be easy to do in Xcode.
This change also means that user App Extensions can be updated in parallel with the developer's app, preventing compatibility problems related to different component versions between an extension and an app. Because they can now be written in native code, Safari App Extensions can perform faster and use less memory than before.
Beyond App Extensions, Safari 10 will also support Apple Pay transactions on the web (below), iPad Split View of two websites at once, Picture in Picture display of embedded HTML5 videos on Macs (like iPad introduced last year), and automatic use of HTML5 videos from sites that would otherwise attempt to use Adobe Flash or Microsoft Silverlight.
Apple Pay on the web with Safari 10
Overall, Apple's App Extension architecture provides a secure way for developers to extend OS-level features, while also expanding the usefulness of developers' work across the system.
There are a wide variety of other new App Extensions being introduced in iOS 10 and macOS Sierra, enabling third parties to similarly add new features to a variety of extension points including Siri, Messages, Maps, Notifications and Call Directory. AppleInsider will examine how these new extension points can enable developers to add new features to Apple's platforms.
Safari 10 for macOS
A big update from the original Safari 5.0 Extensions
Back in 2010, Apple introduced a Safari Extensions Gallery for Safari 5.0, enabling developers to build extension plugins for Safari using web standards such as CSS and JavaScript.
Safari 5.0 Extensions Gallery
Safari 5.0 Extensions provided a way for third parties to add buttons to the Safari toolbar, make a new extension bar, change the way web content appeared or add controls to web pages. The architecture also supported digital signing so that developers could verify where a particular extension originated and prove that it hadn't been tampered with.
Apple helped third parties distribute their Safari Extensions in a Gallery which acted like a web-specific App Store for both perusing new extensions and obtaining updates. Building these extensions in web standards enabled them to work across platform; at the time Safari was being developed for both OS X and Windows.
However, a couple years later, Apple abandoned Windows support in 2012's Safari 6, effectively delegating the task of maintaining a WebKit browser to Google's Chrome and similar projects. That opened the door to the idea of building Safari Extensions using native Objective-C or Swift code for performance reasons.
In 2014, Apple introduced App Extensions, a new architecture for building app components that could be distributed with an app, and designed specifically to add insert new functionality into core OS features on both iOS and macOS.
Creating an App Extension requires Apple's support for creating an Extension Point in the OS that developers can build upon. The initial Extension Points Apple introduced in 2014 included system-wide Share Extensions (adding new social network sharing options), Photo Editing Extensions (extending the features of the Photos app), Today Extensions (supporting widgets) and Custom Keyboards specific to iOS.
The following year, Apple introduced Content Blockers as a new class of App Extensions specially targeting Safari, supporting the ability to prevent the downloading of any defined content, including display ads, images, navigation elements, popups, scripts, fonts, style sheets, media files, cookies, or essentially anything on a web page.
With Safari 10, any Extension can be a native App Extension
On both macOS Sierra 10.12 and today's El Capitan 10.11.5 (when Safari 10 is installed), Safari will support App Extensions built from a combination of JavaScript, CSS and native code written in Objective-C or Swift.
Safari will support App Extensions built from a combination of JavaScript, CSS and native code written in Objective-C or Swift
Like previous App Extensions, the new architecture defines a broad Extension Point for Safari that allows third party developers to add new functionality to Safari, both to read and modify web page content (such as translating text into another language) and to communicate back and forth with a native app to integrate app data into Safari or to get web data into an app.
Developers can extend the Safari user interface by adding a toolbar button to execute a command or display a popover window, add a contextual menu item, inject a style sheet that alters how web pages are presented (such as modifying fonts used or text sizes), or inject JavaScript that changes how a page behaves or enables it to communicate with the app extension.
Unlike previous Safari Extensions, the new App Extensions can communicate securely with a developer's app using shared resources, as depicted in Apple's developer documentation (portrayed below).
More importantly, the new App Extensions architecture enables developers to distribute Safari Extensions as part of their app through the App Store. That means users won't have to go looking for a plugin from an independent "Gallery" on the web.
For developers, moving their existing Safari Extensions to native App Extensions is designed to be easy to do in Xcode
The "Safari Extensions..." menu in macOS Sierra now launches the Mac App Store, which will present apps that include an App Extension for use in Safari. For developers, moving their existing Safari Extensions to native App Extensions is designed to be easy to do in Xcode.
This change also means that user App Extensions can be updated in parallel with the developer's app, preventing compatibility problems related to different component versions between an extension and an app. Because they can now be written in native code, Safari App Extensions can perform faster and use less memory than before.
Beyond App Extensions, Safari 10 will also support Apple Pay transactions on the web (below), iPad Split View of two websites at once, Picture in Picture display of embedded HTML5 videos on Macs (like iPad introduced last year), and automatic use of HTML5 videos from sites that would otherwise attempt to use Adobe Flash or Microsoft Silverlight.
Apple Pay on the web with Safari 10
Other new iOS 10 & macOS Sierra App Extensions
Overall, Apple's App Extension architecture provides a secure way for developers to extend OS-level features, while also expanding the usefulness of developers' work across the system.
There are a wide variety of other new App Extensions being introduced in iOS 10 and macOS Sierra, enabling third parties to similarly add new features to a variety of extension points including Siri, Messages, Maps, Notifications and Call Directory. AppleInsider will examine how these new extension points can enable developers to add new features to Apple's platforms.
Comments
In practice, this is the most secure and least risky way to distribute software
That functionality is now baked into Safari 10 by default. To web servers, it looks like Safari 10 users do not even have Flash installed.
Does this include HBO and Netflix which use Flash and Silverlight, respectively? I think it's silly that I can watch both of these networks on my iPhone, which does not support either of these technologies, but my Mac can't play videos from either source unless I install some slow, bloated, third-party software.
http://safariextensions.tumblr.com
http://appleinsider.com/articles/15/06/15/inside-app-extensions-webkit-content-blockers-extend-user-privacy-in-ios-9-safari-9
There's a sandbox between native code and the browser, this new development is just a different way to distribute and develop them.
There's two components for this to work: injected content into the browser and native code. These can't run each other's code directly so it doesn't give the browser native access to the system, the browser can only communicate with the native code via messages and it's the developer sending the messages, not the website.
You inject Javascript/HTML/CSS into a web page at runtime with the Safari extension and this can send messages to the app extension, which the OS activates when a message is passed to it.
Most app developers will never write a native app extension to link to Safari because the most useful Safari extensions do DOM manipulation, which you'd never do in native code as DOM parsing is not really feasible and it would mean having to shuffle the entire page content back and forward through messaging and the filesystem, which slows things down.
The reason they have introduced this is because the previous way meant distributing two components separately: the app on the Mac App Store and the Safari Extension on the extension site, which are updated separately and can get out of sync. If you have a Safari extension as part of an app then it makes sense to just distribute it with the app and that keeps both updated together.
1password has two parts for example:
https://discussions.agilebits.com/discussion/40413/1password-safari-extension-not-working
Now they'd just bundle the extension with the app.
In order to get any malware, it has to be a malicious app that is available in the App Store, which Apple would check for. Apple could miss an app that bundles an extension that injects Javascript to monitor login entries, sites visited and passes that back to a native extension to send to their own servers (a keylogger), there's one for Chrome:
https://github.com/Xeroday/ChromeLogger
This can happen with any extension so you have to be careful of any extension you install, especially from unofficial sites and you can disable the whole extension system.
Uninstalling the Flash plugin on older browsers should let the site know you don't have it installed. If the site still doesn't work, the develop menu (activated in Safari preferences > advanced) in Safari lets you switch the user agent to the iPad (Develop menu > User Agent > iPad). The following page for example won't play in Safari by default but removing Flash and switching the agent to iPad will play the video in HTML5:
http://www.hbo.com/silicon-valley/about/video/season-3-trailer.html?autoplay=true
If you set the user agent to iPhone, it makes the timeline disappear and other browsers don't work. It would be nice if Safari let you set user agent by default per site. There seems to be a way to do it via Javascript:
http://stackoverflow.com/questions/1307013/mocking-a-useragent-in-javascript
Maybe if that was injected using an extension before the page loaded it would work but you'd need a developer id to sign it and have the extension stay active.
Those are part of the page content. Popup blockers just cover new windows/tabs. The email popups are hard to block as they are custom to each site displaying them. Bloggers make money from viewers so they are always looking to get as many recurring views and the panels get the results they want:
https://blog.bufferapp.com/get-more-email-subscribers-how-we-doubled-email-signups
They could be blocked somewhat by catching/disabling Javascript events shortly after page load or scroll events. They are very irritating, I usually just close the site as soon as one pops up.
So thanks, Google, for your shitty system. I may stop using YouTube entirely now that I can’t see it in a QuickTime window (with a right-click to download option).