Hi, I have an app that uses WKWebView and it's crashing on iOS 26 Simulator in places I've never had problems before. In this case it's crashing when calling WKWebView.callAsyncJavaScript, but in my other project WKWebView is crashing with some sort of EXC_BAD_ACCESS other than callAsyncJavaScript. Am I missing something? Thanks,

Hello, According to the documentation: If you provide your extension in macOS and don’t want to use the Mac App Store for distribution, you can sign and notarize your extension’s app with a Developer ID to distribute it outside the Mac App Store. However, I found this to be untrue in practice. Even after signing and notarising the Safari extension correctly, it is not possible to enable it in Safari without turning on "allow unsigned extension". This makes it impossible to distribute your Developer ID–signed and notarized extension outside the Mac App Store. I would like to distribute my web extension directly to employees in my organization using MDM without having each user manually enable "allow unsigned extension" for it to work. Any way to make it work? The documentation is quite confusing in this aspect, it says "Safari only supports signed extensions" but my extension is rejected even if notarised and signed.

Hi all, I'm currently working with WKWebView and implementing the WKNavigationDelegate protocol. In particular, I'm trying to inspect the sourceFrame of a WKNavigationAction to make navigation policy decisions based on the frame's URL path. Here's the relevant Swift code inside decidePolicyFor: public func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, preferences: WKWebpagePreferences, decisionHandler: @escaping (WKNavigationActionPolicy, WKWebpagePreferences) -> Void) { // ... let sourceFrame: WKFrameInfo = navigationAction.sourceFrame let request: URLRequest = sourceFrame.request // <- SIGABRT occurs here // ... } The issue is that the app crashes with a SIGABRT at runtime when attempting to access sourceFrame.request. According to Swift's type system, neither sourceFrame nor its request property are optional, so at first glance this seems safe. However, the crash report suggests otherwise. From the crash log, it appears that the issue arises during the bridging from Objective-C to Swift: Thread 1 Queue : com.apple.main-thread (serial) #0 0x00000001a127a030 in static Foundation.URLRequest._unconditionallyBridgeFromObjectiveC(Swift.Optional<__C.NSURLRequest>) -> Foundation.URLRequest () #1 0x00000001056c48b0 in CustomWebViewController.webView(_:decidePolicyFor:preferences:decisionHandler:) #2 0x00000001056c4c78 in @objc CustomWebViewController.webView(_:decidePolicyFor:preferences:decisionHandler:) () #3 0x00000001b8c66e0c in WebKit::NavigationState::NavigationClient::decidePolicyForNavigationAction () #4 0x00000001b8fd14dc in WebKit::WebPageProxy::decidePolicyForNavigationAction () #5 0x00000001b8fcfc7c in WebKit::WebPageProxy::decidePolicyForNavigationActionAsyncShared () #6 0x00000001b8fcfb18 in WebKit::WebPageProxy::decidePolicyForNavigationActionAsync () #7 0x00000001b87ddaa0 in WebKit::WebPageProxy::didReceiveMessage () #8 0x00000001b869f474 in IPC::MessageReceiverMap::dispatchMessage () #9 0x00000001b878dda4 in WebKit::WebProcessProxy::dispatchMessage () #10 0x00000001b878d614 in WebKit::WebProcessProxy::didReceiveMessage () #11 0x00000001b869e7e4 in IPC::Connection::dispatchMessage () #12 0x00000001b869e358 in IPC::Connection::dispatchIncomingMessages () #13 0x00000001b9a96a44 in WTF::RunLoop::performWork () #14 0x00000001b9a96688 in WTF::RunLoop::performWork () #15 0x00000001a2428b9c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ () #16 0x00000001a24289b4 in __CFRunLoopDoSource0 () #17 0x00000001a2428810 in __CFRunLoopDoSources0 () #18 0x00000001a2429190 in __CFRunLoopRun () #19 0x00000001a242ad4c in CFRunLoopRunSpecific () #20 0x00000001ef705454 in GSEventRunModal () #21 0x00000001a4e45890 in -[UIApplication _run] () #22 0x00000001a4e10cec in UIApplicationMain () #23 0x00000001a4ef261c in ___lldb_unnamed_symbol275689 () #24 0x00000001059a5104 in static UIApplicationDelegate.main() () #25 0x00000001059a5074 in static AppDelegate.$main() () #26 0x00000001059a82ec in main () #27 0x00000001c940af0c in start () This implies that while Swift treats sourceFrame.request as non-optional, the underlying Objective-C implementation may actually return nil—leading to a crash when the non-optional Swift type attempts to force unwrap it. My question: Is there a way to safely access navigationAction.sourceFrame.request —- or determine if it’s nil—before Swift attempts the implicit bridging from Objective-C? Or is there an established workaround for safely inspecting this property? Any guidance or best practices for avoiding this crash would be greatly appreciated! Thanks in advance.

Thank you for supporting me. My environment Device: iPhone 15 Pro OS: iOS 26.0 Public Beta (23A5336a) In iOS 26, three types of tabs were added to Safari. Depending on the option, the behavior of the fixed header and footer can be unstable. *Tab settings can be changed in the iOS Settings app under "Apps -> Safari" > "Tabs." The following behavior differs depending on the tab. Compact When scrolling down, the header and footer shift up by a few pixels. A margin is created between the footer and the URL input field. Bottom Behaves the same as "Compact." Top The header is completely hidden below the URL input field at the top of the screen, leaving a margin below the footer. Below is the sample code to check the operation. <!doctype html> <html lang="ja"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <title>固定ヘッダー/フッター + モーダル</title> <style> :root { --header-h: 56px; --footer-h: 56px; } body { margin: 0; font-family: sans-serif; line-height: 1.6; background: #f9fafb; padding-top: var(--header-h); padding-bottom: var(--footer-h); } header .inner, footer .inner { width: 100%; max-width: var(--max-content-w); padding: 0 16px; display: flex; align-items: center; justify-content: space-between; } header, footer { position: fixed; left: 0; right: 0; display: flex; align-items: center; justify-content: center; z-index: 100; background: #fff; } header { top: 0; height: var(--header-h); border-bottom: 1px solid #ddd; } footer { bottom: 0; height: var(--footer-h); border-top: 1px solid #ddd; } main { padding: 16px; } .btn { padding: 8px 16px; border: 1px solid #2563eb; background: #2563eb; color: #fff; border-radius: 6px; cursor: pointer; } /* モーダル関連 */ .modal { position: fixed; inset: 0; display: none; z-index: 1000; } .modal.is-open { display: block; } .modal__backdrop { position: absolute; inset: 0; background: rgba(0,0,0,0.5); } .modal__panel { position: relative; max-width: 600px; margin: 10% auto; background: #fff; border-radius: 8px; padding: 20px; z-index: 1; } .modal__head { display: flex; justify-content: space-between; align-items: center; margin-bottom: 12px; } .modal__title { margin: 0; font-size: 18px; font-weight: bold; } .modal__close { background: none; border: none; font-size: 20px; cursor: pointer; } </style> </head> <body> <header> <div class="inner"> <h1>デモページ</h1> <button id="openModal" class="btn">モーダルを開く</button> </div> </header> <main class="container" id="main"> <h2>スクロール用の適当なコンテンツ1</h2> <p>ヘッダーとフッターは常に表示されます。モーダルボタンを押すと、画面いっぱいのダイアログが開きます。</p> <!-- ダミーカードを複数 --> <section class="grid"> <div class="card"><strong>カード1</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード2</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード3</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード4</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード5</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード6</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード7</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード8</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード9</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード10</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> </section> </main> <footer> <small>&copy; 2025 Demo</small> </footer> <!-- モーダル --> <div class="modal" id="modal"> <div class="modal__backdrop"></div> <div class="modal__panel"> <div class="modal__head"> <h2 class="modal__title">モーダル</h2> <button class="modal__close" id="closeModal">&times;</button> </div> <p>これは白いビューのモーダルです。背景は黒く半透明で覆われています。</p> </div> </div> <script> const modal = document.getElementById('modal'); const openBtn = document.getElementById('openModal'); const closeBtn = document.getElementById('closeModal'); const backdrop = modal.querySelector('.modal__backdrop'); openBtn.addEventListener('click', () => { modal.classList.add('is-open'); }); function closeModal() { modal.classList.remove('is-open'); } closeBtn.addEventListener('click', closeModal); backdrop.addEventListener('click', closeModal); window.addEventListener('keydown', (e) => { if (e.key === 'Escape' && modal.classList.contains('is-open')) { closeModal(); } }); </script> </body> </html>

Hello - we have a Mac application that uses a browser extension and the web extension JS APIs to communicate with Safari. As of macOS 15.4 / Safari 18.4 the tab OnAttached and tab onDetached events are no longer received. After some testing we verified that the events were working properly as of macOS 15.3 / Safari 18.3 but appear to have been broken in macOS 15.4. Note a similar issue was reported previously for Safari 17.6 and was fixed in macOS 15.0 (FB14324177). We have made a TestFlight version of our app (Tabby) available to simplify debugging via https://testflight.apple.com/join/Va8Zdv9d. To reproduce the issue: Install the Tabby TestFlight build on macOS 15.4 or 15.4.1 Open Safari, go to Safari settings and select the Extensions tab Enable the Tabby extension and grant permissions to all windows all the time Open a Safari window with at least 3 tabs Note the open window and tabs displayed in Tabby In Safari, perform a tab detach by dragging a tab out of the window Expected behavior Within Safari the detached tab should now be in it’s own window, and via the onDetached event Tabby should update to show the tab in it’s own window AND removed from the original window. Observed Safari fails to send the onDetached event and Tabby will continue to display the detached tab in its original window in addition to the new window. You can also use the repro steps above to observe the onDetached event being received or not by Tabby in the Safari developer console. The same steps but re-attaching the tab to the original window can be used to observe the onAttached event being received or not. We’ve attached two screen recordings to the Feedback ID below, one showing the events working on macOS 15.3, and one showing the events failing to be received on macOS 15.4.1. Note it also fails on macOS 15.4. FEEDBACK ID: FB17367977

Hello, I'm not able to get the webauthn attestation statement using the option (attestation.direct) on Safari. The answer I get is a fmt of none and a aaguid of zeros. The same code works on Chrome and I was able to get a none zero aaguid and a packed fmt attestation. Can you explain why this does not work on Safari ? Thank you.

Background On iOS 18.4 beta, setting a content inset on a WKWebView causes touch events inside the web view to be offset by the content inset amount. In other words, if the web view has a top content inset of 75 points, I must tap 75 points above the intended element for the touch to register correctly. This makes any web content unusable when a content inset is present. A sample app demonstrating the issue is available here: GitHub - iOS18.4-Webview-Bug. The issue does not occur in iOS 18.3 or 18.2. Bug Report The bug has been reported and fixed at WebKit Bug 289715 and also filed as rdar://147075945. Question Will the fix be included in the upcoming iOS 18.4 beta release (Beta 5) or soon thereafter?

I'm using the new iOS 26 WebPage/WebView for SwiftUI in a NavigationStack. The initial load works as expected, but when loading items from the back/forward lists, the content jumps beneath the navigation bar: struct WebPageTestView: View { var webPage = WebPage() var body: some View { NavigationStack { WebView(webPage) .toolbar { Button("Back") { if let backItem = webPage.backForwardList.backList.last { webPage.load(backItem) } } Button("Forward") { if let forwardItem = webPage.backForwardList.forwardList.first { webPage.load(forwardItem) } } } } .task { webPage.isInspectable = true webPage.load(URL(string: "https://domchristie.co.uk/")) } } } I have run this on the iOS 26.0 and 26.1 Simulators and get the same issue. The demo website does not use any JavaScript. I was able to replicate this behaviour using a wrapped WKWebView and calling the .ignoresSafeArea(.all) modifier.

Hi, My app is using JavascriptCore to run the business logic in a javascript environment. We are randomly seeing crashes when users move the app back to the foreground. These crashes are reported by Firebase (I am attaching an example). I also tried to find them in Organizer, but the stacktraces don't match and I am not sure if they are pointing to the same error (I attach one just in case). I was trying to investigate a little bit about this, but I could find any explanation about what pas_reallocation_did_fail would mean. Here is our implementation: -(void) enqueueCallback:(JSValue *)callback withArguments:(NSArray *)args exclusive:(BOOL)exclusive { [self enqueueBlock:^{ @autoreleasepool { [callback callWithArguments:args]; } } exclusive:exclusive]; } Basically, every JS block is enqueued and then run by a dedicated thread specific to our JSContext. Can I get some help? Thanks in advance! Crashlytics.txt 2024-08-30_10-00-01.2572_-0400-f757f8306eda9679ec1b2ff90fbc66c4eb1fbee7.crash

Hi, How are we supposed to handle links with target="_blank" in the new SwiftUI WebView? I don't see anything in WebPage.NavigationDeciding or elsewhere that corresponds to the delegate method used for WKWebView.

I use WKWebView to display a webpage that requires authentication through an authentication provider. This works as expected, but when I close and reopen the app, I have to reauthenticate. However, if I open the same page in Safari, I only have to authenticate once. If I close Safari and reopen it, the page displays without prompting me to authenticate again. I see some cookies stored in httpCookieStore, so I assume that storing cookies works. Does anyone have an idea why authentication is not persistent between app launches? Thanks in advance. Best regards, Marc

Hi everyone, I’m encountering a critical reliability issue with message passing in my Safari Web Extension on iOS 18.4.1 and iOS 18.5. In my extension, I’m using the standard messaging API. The background script sends a message to the content script using browser.tabs.sendMessage(...), and the content script registers a listener via: browser.runtime.onMessage.addListener(handler); This setup has been working reliably in all prior versions of iOS. However, after updating to iOS 18.4.1 and 18.5, I’ve noticed the following behavior: ✅ The content script is successfully injected, and onMessage.addListener is registered (I see logging confirming this). ✅ The background script sends the message using the correct tabId (also confirmed via logs). ❌ The content script’s onMessage listener is not consistently triggered. ⚠️ This issue is intermittent, sometimes the message is received, sometimes it is silently dropped. ❌ No exceptions or errors are thrown in either script, the message appears to be sent, but not picked up from the content script message listener.

Up until some point relatively recently, I have been able to use Safari's web inspector to connect to the iOS simulator in order to debug our web application in development at http://localhost:8088. Now, the web inspector still OPENS, but it opens in a broken state. The context is available to select from Safari's "Develop" menu: Develop > "iPhone 16 Pro (Simulator)" > "localhost - login". It appears under the Safari heading if I have navigated to the web app in the browser, or under the Expo heading if I am accessing it through the webview in our React Native wrapper app. When I select it, the web inspector window does appear. However, once it opens, the Elements pane is empty, the Console pane is empty, expressions entered into the console are not evaluated, there's no content in Sources, Network, Storage, etc. Important notes: This broken state happens at http://localhost:8088 as well as http://127.0.0.1:8088, and it seems that the insecure context is the issue. The web inspector DOES work for HTTPS sites. If I navigate to, e.g., https://example.com in the simulator and connect the web inspector, everything works fine. The web inspector also works fine in Safari on macOS (OUTSIDE the simulator) when accessing non-HTTPS sites. It's only a problem for non-HTTPS sites when connecting to the simulator. A coworker has the same problem, so it is not isolated to my machine. I would enable TLS locally as a workaround, but this web app is very complex, and I know from experience that it is very difficult for various reasons to set it up properly for our project in development, and it will take significant non-trivial work to do so. So... Why is this happening? Is this expected behavior? Is there a way that I can debug my site on localhost without HTTPS?

After upgrading to Safari version 18, we encountered an issue with my extension’s background script not being able to access cookies. Previously, in Safari versions 17 and below, the extension worked as expected. Now, when the extension tries to retrieve cookies using browser.cookies.getAll(), it returns an empty list. However, if we open the extension’s developer tools, the cookies are visible and accessible. It seems that Safari only provides cookie data after the developer tools have been opened. However, after relaunching Safari and launching the extension without opening the developer tools, browser.cookies.getAll() still returns an empty list. Has anyone else experienced this? STEPS TO REPRODUCE Download this minimal app : https://www.icloud.com/iclouddrive/0bajlhnuQaG6T5NsFKXEB0U9Q#test%5Fcookies Compile test_mv2 extension (in test_cookies.getAll.zip). Launch test_mv2.app and activate extension. Click on the extension's button (browserAction). Open the developer tools. Observe an empty list of cookies. Click on the extension's button (browserAction). Cookies are retrieved as expected.

Typically, you can use the @@extension_id special string to reference the absolute path into the bundled resources of an extension, such as an image or a custom font, in a CSS file. However, this broke with Safari 18. Consider this section in a popup.css file: .card-icon { height: 16px; width: 20px; background-image: url(safari-web-extension://__MSG_@@extension_id__/images/card.svg); background-size: 20px 16px; } In Safari 17.4, once loaded in the browser, @@extension_id is replaced with E8BEA491-9B80-45DB-8B20-3E586473BD47, and the background-image reads as so: background-image: url(safari-web-extension://E8BEA491-9B80-45DB-8B20-3E586473BD47/images/card.svg); But as of Safari 18, the @@extension_id just collapses to an empty string, and the background-image reads as so: background-image: url(safari-web-extension:///images/card.svg); and the svg fails to load with the following error: "Failed to load resource: You do not have permission to access the requested resource." This is a regression, does to match the behavior of the other major browsers, and should be fixed. Filed with Feedback ID: FB15104807

I recently upgraded my device from IOS 18.4 to IOS 26. My web extension has disapeared from safari. I can see it in Settings > Apps > Safari > Extensions and when I turn it on and re-open safari. I just get a mesasge that says "{extension name} is no longer avaiable". I have tried Manifest V2 and Manifest V3 both yield the same results. The current production extension bundled with the IOS app has the same problem. I can no longer use or test my own extension !? Help please !

The application I'm currently working on uses WebKit. Based on the crash analytics, we have noticed that some of our users are experiencing an unusual behavior in the app's WebKit view with macOS 15.3.2. These errors are reported for this version of the OS. The error in the crash log is a SIGABRT error, but there is no relevant information available to address it. In some crash logs, we found this error: "NSInternalInconsistencyException: Returned WKWebView was not created with the given configuration" but there is not any particular way to address it. Is there a way to identify the cause of this error? Alternatively, has anyone encountered this issue and found a solution? OS Version: macOS 15.3.2 (24D81) Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Crashed Thread: 0 Application Specific Information: Returned WKWebView was not created with the given configuration. Thread 0 Crashed: 0 CoreFoundation 0x303111e74 __exceptionPreprocess 1 libobjc.A.dylib 0x3027b6cd4 objc_exception_throw 2 CoreFoundation 0x303111d6c +[NSException raise:format:] 3 WebKit 0x34e85cb20 WebKit::UIDelegate::UIClient::createNewPage 4 WebKit 0x34e8a4a80 WebKit::SOAuthorizationCoordinator::tryAuthorize 5 WebKit 0x34e9f04f8 WebKit::WebPageProxy::createNewPage 6 WebKit 0x34ef994c8 WebKit::WebPageProxy::didReceiveSyncMessage 7 WebKit 0x34f0830cc IPC::MessageReceiverMap::dispatchSyncMessage 8 WebKit 0x34ea753b0 WebKit::WebProcessProxy::didReceiveSyncMessage 9 WebKit 0x34f07cfb4 IPC::Connection::dispatchSyncMessage 10 WebKit 0x34f07d3b0 IPC::Connection::dispatchMessage 11 WebKit 0x34f078c50 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch 12 WebKit 0x34f07f4f4 ***::Detail::CallableWrapper&lt;T&gt;::call 13 JavaScriptCore 0x33f3520c0 ***::RunLoop::performWork 14 JavaScriptCore 0x33f352fe8 ***::RunLoop::performWork 15 CoreFoundation 0x30309f8a0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 16 CoreFoundation 0x30309f834 __CFRunLoopDoSource0 17 CoreFoundation 0x30309f598 __CFRunLoopDoSources0 18 CoreFoundation 0x30309e134 __CFRunLoopRun 19 CoreFoundation 0x30309d730 CFRunLoopRunSpecific 20 HIToolbox 0x319aeb52c RunCurrentEventLoopInMode 21 HIToolbox 0x319af1344 ReceiveNextEventCommon 22 HIToolbox 0x319af1504 _BlockUntilNextEventMatchingListInModeWithFilter 23 AppKit 0x30a7cd844 _DPSNextEvent 24 AppKit 0x30b133c20 -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 25 AppKit 0x30a7c0870 -[NSApplication run] 26 AppKit 0x30a797064 NSApplicationMain 27 &lt;unknown&gt; 0x182780274 &lt;redacted&gt; Thread 0 name: t-main-ui Crashed: 0 CoreFoundation 0x303111e74 __exceptionPreprocess 1 libobjc.A.dylib 0x3027b6cd4 objc_exception_throw 2 CoreFoundation 0x303111d6c +[NSException raise:format:] 3 WebKit 0x34e85cb20 WebKit::UIDelegate::UIClient::createNewPage 4 WebKit 0x34e8a4a80 WebKit::SOAuthorizationCoordinator::tryAuthorize 5 WebKit 0x34e9f04f8 WebKit::WebPageProxy::createNewPage 6 WebKit 0x34ef994c8 WebKit::WebPageProxy::didReceiveSyncMessage 7 WebKit 0x34f0830cc IPC::MessageReceiverMap::dispatchSyncMessage 8 WebKit 0x34ea753b0 WebKit::WebProcessProxy::didReceiveSyncMessage 9 WebKit 0x34f07cfb4 IPC::Connection::dispatchSyncMessage 10 WebKit 0x34f07d3b0 IPC::Connection::dispatchMessage 11 WebKit 0x34f078c50 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch 12 WebKit 0x34f07f4f4 ***::Detail::CallableWrapper&lt;T&gt;::call

I want to migrate from a Safari App Extension to a Safari Web Extension, but don't know how to get rid of the message, telling users that my extension can access their passwords. Here is a message which I see: I was thinking that this might be because all Safari Web Extension get this type of access, but I have a Safari Web Extension which does not require such level of access: Here is the manifest: { "manifest_version": 2, "default_locale": "en", "name": "__MSG_extension_name__", "description": "__MSG_extension_description__", "version": "1.1", "icons": { "48": "images/icon-48.png" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "browser_action": { "default_popup": "popup.html", "default_icon": { "16": "images/toolbar-icon-16.png" } }, "permissions": [ "nativeMessaging", "tabs" ] } and here is the Info.plist file: Here is the entire code of the extension: https://github.com/kopyl/web-extension-simplified

Is this code invalid on a phone running xcode16 iOS18? Class cls = NSClassFromString(@"WKBrowsingContextController"); SEL sel = NSSelectorFromString(@"registerSchemeForCustomProtocol:"); if ([(id)cls respondsToSelector:sel]) { [(id)cls performSelector:sel withObject:@"http"]; [(id)cls performSelector:sel withObject:@"https"]; } }

On iOS 26 Beta, WKWebView consistently crashes when interacting with pages that use -webkit-user-select: none. This issue does not reproduce in Safari, but only when the same content is loaded inside a WKWebView. Steps to Reproduce: Install iOS 26 Beta. Open a WKWebView that loads a webpage with the following style applied globally: -webkit-user-select: none; Perform the following gesture sequence inside the WKWebView: Double tap anywhere in the web content. On the second tap, keep your finger pressed (do not lift). While still holding the second tap, drag your finger across the screen (pan). This sequence reliably produces the crash. Expected Result: No crash. The gesture should either be ignored or handled gracefully. Actual Result: The app crashes 100% of the time with the following exception: #0 0x000000013f1a0874 in __pthread_kill () #1 0x00000001357522ec in pthread_kill () #2 0x00000001801ad950 in abort () #3 0x00000001802fa26c in __abort_message () #4 0x00000001802ea1a4 in demangling_terminate_handler () #5 0x0000000180077218 in _objc_terminate () #6 0x00000001802f9758 in std::__terminate () #7 0x00000001802fc7c0 in __cxxabiv1::failed_throw () #8 0x00000001802fc7a0 in __cxa_throw () #9 0x000000018009c1bc in objc_exception_throw () #10 0x00000001804f38f8 in +[NSException raise:format:] () #11 0x000000018c5fb570 in -[CALayer setPosition:] () #12 0x0000000185d02414 in -[UIView _backing_setPosition:] () #13 0x00000001867ec978 in -[UIView setCenter:] () #14 0x0000000186666468 in -[_UIEditMenuContentPresentation _displayPreparedMenu:titleView:reason:didDismissMenu:configuration:] () #15 0x0000000186666088 in __54-[_UIEditMenuContentPresentation _displayMenu:reason:]_block_invoke () #16 0x00000001867b3ed4 in -[UIEditMenuInteraction _editMenuPresentation:preparedMenuForDisplay:completion:] () #17 0x0000000186665fb0 in -[_UIEditMenuContentPresentation _displayMenu:reason:] () #18 0x0000000186665de4 in -[_UIEditMenuContentPresentation displayMenu:configuration:] () #19 0x00000001867b3260 in __58-[UIEditMenuInteraction presentEditMenuWithConfiguration:]_block_invoke () #20 0x00000001867b4c98 in __80-[UIEditMenuInteraction _prepareMenuAtLocation:configuration:completionHandler:]_block_invoke () #21 0x000000018653ff80 in __109-[UITextContextMenuInteraction _editMenuInteraction:menuForConfiguration:suggestedActions:completionHandler:]_block_invoke () #22 0x0000000186540448 in __107-[UITextContextMenuInteraction _querySelectionCommandsForConfiguration:suggestedActions:completionHandler:]_block_invoke () #23 0x000000018dba84f8 in WTF::Detail::CallableWrapper<WTF::CompletionHandler<void (IPC::Connection*, IPC::Decoder*)> IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::RequestDocumentEditingContext, WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>>(WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Connection*, IPC::Decoder*), void, IPC::Connection*, IPC::Decoder*>::call () #24 0x000000018dca14cc in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Connection*, IPC::Decoder*>::call () #25 0x000000018e2d5c54 in IPC::Connection::dispatchMessage () #26 0x000000018e2d6118 in IPC::Connection::dispatchIncomingMessages () #27 0x00000001997f9c58 in WTF::RunLoop::performWork () #28 0x00000001997fa930 in WTF::RunLoop::performWork () #29 0x000000018044d4dc in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ () #30 0x000000018044d424 in __CFRunLoopDoSource0 () #31 0x000000018044cc0c in __CFRunLoopDoSources0 () #32 0x000000018044bd84 in __CFRunLoopRun () #33 0x0000000180446e24 in _CFRunLoopRunSpecificWithOptions () #34 0x00000001924c19bc in GSEventRunModal () #35 0x00000001862217a8 in -[UIApplication _run] () #36 0x00000001862259d0 in UIApplicationMain () Same issues below. https://developer.apple.com/forums/thread/796799 https://developer.apple.com/forums/thread/796501 https://developer.apple.com/forums/thread/796874 https://developer.apple.com/forums/thread/796686