Certain platforms and environments ā especially mobile WebViews and in-app browsers ā impose limitations on how widgets can be opened, embedded, or interacted with. This affects popups, redirects, storage, iframe loading, and JavaScript behavior.
| Platform | Behavior Summary |
|---|
| iOS (Safari / WebView) | WebViews often block external links and popups; may force redirect to Safari |
| Android WebView | More permissive: allows iframes, postMessage, JS |
| Desktop Browsers | Full feature support: tabs, popups, iframe, storage, SDK |
| Electron | Behaves like Chromium; allows full control via custom handlers |
| Method | Web | iOS Web | Android Web | iOS WebView | Android WebView | Electron |
|---|
| Direct link / redirect | ā
Tab/new tab | ā
Safari | ā
Browser | ā ļø Opens Safari | ā
In-WebView | ā
Fully works |
| window.open / popup | ā
Popup | ā ļø Maybe | ā
Works | ā Blocked | ā ļø Unreliable | ā
Works |
| iframe | ā
Full | ā
Safari | ā
Supported | ā Often blocked | ā
Mostly works | ā
Full |
| iframe + postMessage | ā
Works | ā
Works | ā
Works | ā ļø May need whitelisting | ā
Supported | ā
Full |
| Web SDK (script injection) | ā
Supported | ā
Works | ā
Works | ā ļø Depends on permissions | ā
Mostly works | ā
Full |
| WebView load (URL) | ā N/A | ā N/A | ā N/A | ā
Needs gesture | ā
Direct load | ā
Loads URL |
| Electron browser window | ā
Browser | ā
Works | ā
Works | ā N/A | ā N/A | ā
Native |
| Deep link ā WebView | ā Desktop only | ā ļø May fallback | ā
In-app | ā
Needs whitelist | ā
Intent support | ā
Emulated |
| Environment | Limitation |
|---|
| iOS WebView | External links often open in Safari, not inside app |
| WebView (iOS & Android) | May block popups, 3rd-party cookies, JS storage |
| iframe | CSP + X-Frame-Options must be properly configured |
| Electron | Can disable popups, node integration, file access for security |
| Popup windows | May be blocked unless triggered by user gesture (esp. on iOS) |
Apps like Telegram, Instagram, TikTok, Twitter/X, and email clients often open links in custom embedded WebViews (not Safari or Chrome). These may block standard browser features.
| App / Platform | Engine | Behavior Summary |
|---|
| Telegram (iOS) | WKWebView | Forces external links to Safari |
| Telegram (Android) | Android WebView | More flexible; stays in-app unless forced out |
| Instagram/Facebook | Custom WebView | Blocks some JS, storage, cookies, intercepts navigation |
| TikTok | Restricted WebView | Most popups/scripts blocked, may break postMessage |
| Twitter/X | In-app browser | Limits popups and iframe behavior |
| Email Clients | Varies | May sandbox JS, break session persistence |
- ā
window.open() blocked in some WebViews
- ā Limited iframe or JS support in in-app browsers
- š Redirects may be forced to open in Safari/Chrome
- šŖ Third-party cookies often blocked
- š§ Keyboard/focus bugs in mobile embeds
- š¢ Slow load or degraded UX in outdated WebViews
| If the widget is opened in... | We recommend... |
|---|
| Website (desktop/mobile) | Use direct link, iframe, or Web SDK |
| Mobile App (Android) | Load via WebView or iframe; allow JS + postMessage |
| Mobile App (iOS) | Use WebView with a fallback to Safari if needed |
| Telegram / WhatsApp / iOS App | Open in external Safari; donāt rely on embedding |
| Electron App | Load in BrowserWindow, enable postMessage |
| Unknown WebView | Detect with navigator.userAgent and offer a fallback (e.g., open in browser) |
- Provide an "Open in browser" fallback button
- Use a responsive layout ā some in-app browsers mishandle the viewport
- Avoid relying on
window.open, popups, and non-persistent storage
- Provide a direct-link fallback version of the widget
