Disabling user selection in UIWebView
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
Disabling text selection in UIWebView was a common requirement in legacy iOS apps for kiosk-like displays, controlled reading experiences, and custom gesture handling. UIWebView is deprecated in favor of WKWebView, but many maintenance projects still require behavior fixes in existing code. Since UIKit does not expose a direct API for this, developers typically inject CSS/JavaScript into rendered content.
The implementation works, but it is not a security control. It only changes user interaction behavior in the embedded view.
Core Sections
1. Legacy context and migration warning
UIWebView is deprecated, so prefer WKWebView for new work.
If feasible, budget migration to WKWebView to reduce long-term risk.
2. Disable selection via injected CSS
Run after content is loaded, usually in webViewDidFinishLoad.
3. Disable long-press callout behavior
-webkit-touch-callout: none; prevents copy/select popup on many content elements.
This improves consistency when users long-press links/text.
4. Delegate timing matters
Injecting too early (before DOM ready) can fail silently.
5. WKWebView equivalent strategy (recommended)
Modern projects should implement this behavior in WKWebView instead.
6. Security and UX caveat
Disabling selection does not prevent data extraction from network traffic, app binaries, or accessibility tools. Treat it as UX tuning only.
Use backend access control and encryption for real protection.
Common Pitfalls
- Treating selection disabling as a real content security mechanism.
- Injecting JavaScript before page load completion and assuming success.
- Applying global CSS that breaks interactive widgets inside web content.
- Maintaining deprecated
UIWebViewbehavior without migration plan. - Forgetting to test behavior across iOS versions and content sources.
Summary
In legacy UIWebView code, user selection is typically disabled through injected CSS/JavaScript after load completion. The same concept is cleaner and more maintainable in WKWebView, which should be the preferred platform going forward. Use this technique for interaction control, not security guarantees, and test carefully with real content to avoid unintended UI regressions.
In production teams, the technical fix is only half of the work. The other half is making the behavior repeatable across environments and future code changes. For disabling user selection in uiwebview, create a lightweight implementation checklist and keep it close to the code. Include expected input shape, validation rules, failure modes, and fallback behavior. Add one “golden path” test and one “broken input” test that mirrors real incidents from logs. This quickly prevents regressions where code still compiles but semantics drift. If your stack supports typed contracts or schemas, define them early and validate at boundaries rather than deep inside business logic. Boundary validation keeps error messages local, speeds debugging, and reduces hidden coupling between services.
Operationally, add minimal observability around the branch where this logic executes. Emit structured fields that identify version, environment, and decision outcome without exposing sensitive data. During incident reviews, convert each root cause into a permanent automated test and a short runbook note. This creates cumulative reliability rather than one-off patching. Also avoid duplicating near-identical helper logic in multiple modules; centralize it and document expected usage. When framework upgrades happen, run targeted compatibility tests before broad rollout so behavior differences are found early. Teams that combine explicit contracts, focused tests, and small observability hooks usually reduce recurring bugs and spend less time in reactive debugging for disabling user selection in uiwebview workflows.

