Certain platforms and environments — especially mobile WebViews and in-app browsers — impose limitations on how widgets can be opened, embedded, or interacted with. This affects popups, redirects, storage, iframe loading, and JavaScript behavior.
🧩 General Platform Characteristics
Platform
Behavior Summary
iOS (Safari / WebView)
WebViews often block external links and popups; may force redirect to Safari
Android WebView
More permissive: allows iframes, postMessage, JS
Desktop Browsers
Full feature support: tabs, popups, iframe, storage, SDK
Electron
Behaves like Chromium; allows full control via custom handlers
🔬 Widget Behavior by Integration Method
Method
Web
iOS Web
Android Web
iOS WebView
Android WebView
Electron
Direct link / redirect
✅ Tab/new tab
✅ Safari
✅ Browser
⚠️ Opens Safari
✅ In-WebView
✅ Fully works
window.open / popup
✅ Popup
⚠️ Maybe
✅ Works
❌ Blocked
⚠️ Unreliable
✅ Works
iframe
✅ Full
✅ Safari
✅ Supported
❌ Often blocked
✅ Mostly works
✅ Full
iframe + postMessage
✅ Works
✅ Works
✅ Works
⚠️ May need whitelisting
✅ Supported
✅ Full
Web SDK (script injection)
✅ Supported
✅ Works
✅ Works
⚠️ Depends on permissions
✅ Mostly works
✅ Full
WebView load (URL)
❌ N/A
❌ N/A
❌ N/A
✅ Needs gesture
✅ Direct load
✅ Loads URL
Electron browser window
✅ Browser
✅ Works
✅ Works
❌ N/A
❌ N/A
✅ Native
Deep link → WebView
❌ Desktop only
⚠️ May fallback
✅ In-app
✅ Needs whitelist
✅ Intent support
✅ Emulated
🛡️ Security & UX Caveats
Environment
Limitation
iOS WebView
External links often open in Safari, not inside app
WebView (iOS & Android)
May block popups, 3rd-party cookies, JS storage
iframe
CSP + X-Frame-Options must be properly configured
Electron
Can disable popups, node integration, file access for security
Popup windows
May be blocked unless triggered by user gesture (esp. on iOS)
📱 In-App / Embedded Browser Notes
Apps like Telegram, Instagram, TikTok, Twitter/X, and email clients often open links in custom embedded WebViews (not Safari or Chrome). These may block standard browser features.
App / Platform
Engine
Behavior Summary
Telegram (iOS)
WKWebView
Forces external links to Safari
Telegram (Android)
Android WebView
More flexible; stays in-app unless forced out
Instagram/Facebook
Custom WebView
Blocks some JS, storage, cookies, intercepts navigation
TikTok
Restricted WebView
Most popups/scripts blocked, may break postMessage
Twitter/X
In-app browser
Limits popups and iframe behavior
Email Clients
Varies
May sandbox JS, break session persistence
⚠️ Known Behavioral Issues
❌ window.open() blocked in some WebViews
❌ Limited iframe or JS support in in-app browsers
🔁 Redirects may be forced to open in Safari/Chrome
🍪 Third-party cookies often blocked
🧭 Keyboard/focus bugs in mobile embeds
🐢 Slow load or degraded UX in outdated WebViews
✅ Recommendations
If the widget is opened in...
We recommend...
Website (desktop/mobile)
Use direct link, iframe, or Web SDK
Mobile App (Android)
Load via WebView or iframe; allow JS + postMessage
Mobile App (iOS)
Use WebView with a fallback to Safari if needed
Telegram / WhatsApp / iOS App
Open in external Safari; don’t rely on embedding
Electron App
Load in BrowserWindow, enable postMessage
Unknown WebView
Detect with navigator.userAgent and offer a fallback (e.g., open in browser)
🧠 Best Practices
Provide an "Open in browser" fallback button
Use a responsive layout — some in-app browsers mishandle the viewport
Avoid relying on window.open, popups, and non-persistent storage
Provide a direct-link fallback version of the widget
