If you are interested in web browsers or web pages (if you aren't, what are you doing reading my blog??) and haven't seen Michal Zalewski's Browser Security Handbook, you should have a look. It is a very impressive resource!
(Some of the Opera-related information needs corrections. For example, Opera also uses an IDNA TLD whitelist, though the page claims we always show such domains with their intended characters. Also, the list is among Opera's downloadable settings, so we can easily add and remove top-level domains if registrars change their policies or do not follow them correctly. Another example is where they claim Opera allows XMLHttpRequest with any random verb – no, we silently convert unknowns to GET, which is probably a very stupid thing to do and will probably be fixed to do something more sensible when we or the spec authors figure out what that should be.)
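As an added illustration (not Opera's code), here is how a TLD-whitelist display policy for internationalized domain names can work: hosts under a whitelisted TLD are shown with their intended characters, everything else is shown in its ASCII `xn--` form so look-alike characters cannot pass for a familiar name. The whitelist entries, the function names and the fallback to the ASCII form are assumptions made for this sketch.

```python
# Added example: IDN display decision driven by a TLD whitelist.
# TLD_WHITELIST is a constructed sample, not Opera's downloadable list.
TLD_WHITELIST = {"рф", "de"}


def to_ace(host: str) -> str:
    """Return the ASCII-compatible ('xn--') form of a hostname, lowercased."""
    # Python's built-in "idna" codec applies nameprep and punycode per label.
    return host.rstrip(".").encode("idna").decode("ascii").lower()


def display_host(host: str, whitelist=TLD_WHITELIST) -> str:
    """Choose the form of `host` to show in the address bar.

    Unicode is shown only when the TLD is whitelisted (its registry is
    trusted to police confusable registrations); otherwise the ASCII
    form is shown so a homograph is visibly different from the real name.
    """
    ace = to_ace(host)
    tld = ace.rsplit(".", 1)[-1]
    # Compare in ACE form so "рф" and "xn--p1ai" are treated as the same TLD.
    allowed = {to_ace(entry) for entry in whitelist}
    if tld in allowed:
        return ace.encode("ascii").decode("idna")
    return ace


if __name__ == "__main__":
    samples = [
        "пример.рф",       # whitelisted TLD: shown as typed
        "\u0430pple.com",  # Cyrillic 'а' under .com: shown as xn--...
        "Example.DE.",     # plain ASCII host, trailing dot and mixed case
    ]
    for name in samples:
        print(f"{name!r:24} -> {display_host(name)}")
```

Because the whitelist is plain data, entries can be added or removed without shipping a new build, which is the advantage of keeping it among the downloadable settings.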
I'm not through everything yet, and I have already nagged developers about issues we should investigate or fix. Seeing those tables comparing browser policies on security-sensitive issues is really an eye-opener sometimes.
On a side note, it's nice that Google security researcher Chris Evans gives Opera "some serious credit" on getting CANVAS security right, and the IE blog mentions Opera's site patching as a precursor to their downloadable list of sites to show in compatibility view. (I guess they didn't even know that one of the settings we can force for a specific site through override_downloaded.ini is whether to show it in quirks or standards mode.) Nothing like some peer recognition of our work 😎