Bug 171841 - In a WKWebView app, window.screenX and window.screenY are garbage
Summary: In a WKWebView app, window.screenX and window.screenY are garbage
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
Keywords: InRadar
Depends on:
Reported: 2017-05-08 18:29 PDT by Simon Fraser (smfr)
Modified: 2021-12-14 11:16 PST (History)
5 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Simon Fraser (smfr) 2017-05-08 18:29:18 PDT
In a WKWebView app on macOS, if a page reads window.screenX/window.screenY, they get back nonsensical data. This is because UIClient::windowFrame() returns an empty rect, which we then send through coordinate-flipping code. windowFrame() needs to work for the Objective-C API.
Comment 1 Simon Fraser (smfr) 2017-05-08 18:44:32 PDT
We may have done this on purpose for privacy reasons.
Comment 2 Simon Fraser (smfr) 2017-05-08 18:44:54 PDT
diff --git a/Source/WebKit2/UIProcess/Cocoa/UIDelegate.h b/Source/WebKit2/UIProcess/Cocoa/UIDelegate.h
index d9381d3d19b4f4533b02a0e04400da81f61dcb84..61fe613cbbddc7142ccb73e3aa360a4f280041fe 100644
--- a/Source/WebKit2/UIProcess/Cocoa/UIDelegate.h
+++ b/Source/WebKit2/UIProcess/Cocoa/UIDelegate.h
@@ -88,6 +88,7 @@ private:
         void runJavaScriptPrompt(WebKit::WebPageProxy*, const WTF::String&, const WTF::String&, WebKit::WebFrameProxy*, const WebCore::SecurityOriginData&, Function<void (const WTF::String&)>&& completionHandler) override;
         void exceededDatabaseQuota(WebPageProxy*, WebFrameProxy*, API::SecurityOrigin*, const WTF::String& databaseName, const WTF::String& displayName, unsigned long long currentQuota, unsigned long long currentOriginUsage, unsigned long long currentUsage, unsigned long long expectedUsage, Function<void (unsigned long long)>&& completionHandler) override;
         void reachedApplicationCacheOriginQuota(WebPageProxy*, const WebCore::SecurityOrigin&, uint64_t currentQuota, uint64_t totalBytesNeeded, Function<void (unsigned long long)>&& completionHandler) override;
+        WebCore::FloatRect windowFrame(WebKit::WebPageProxy*) override;
         bool runOpenPanel(WebPageProxy*, WebFrameProxy*, const WebCore::SecurityOriginData&, API::OpenPanelParameters*, WebOpenPanelResultListenerProxy*) override;
diff --git a/Source/WebKit2/UIProcess/Cocoa/UIDelegate.mm b/Source/WebKit2/UIProcess/Cocoa/UIDelegate.mm
index 4f21e823301c3c6adcd39d6ce0b077ce7c4ca5b1..3a8e3c4ce5ac1a07d386898c1ef734b9d2cd6cb6 100644
--- a/Source/WebKit2/UIProcess/Cocoa/UIDelegate.mm
+++ b/Source/WebKit2/UIProcess/Cocoa/UIDelegate.mm
@@ -529,6 +529,15 @@ void UIDelegate::UIClient::reachedApplicationCacheOriginQuota(WebPageProxy*, con
+WebCore::FloatRect UIDelegate::UIClient::windowFrame(WebKit::WebPageProxy*)
+    WKWebView *webView = m_uiDelegate.m_webView;
+    if (!webView.window)
+        return { };
+    return webView.window.frame;
 void UIDelegate::UIClient::printFrame(WebKit::WebPageProxy*, WebKit::WebFrameProxy* webFrameProxy)
     ASSERT_ARG(webFrameProxy, webFrameProxy);
Comment 3 Radar WebKit Bug Importer 2017-08-17 11:14:25 PDT
Comment 4 Aidin NasiriShargh 2021-12-14 11:16:57 PST
I am coming from https://bugs.webkit.org/show_bug.cgi?id=234256 that I filed yesterday.

As I mentioned there (and in my StackOverflow at https://stackoverflow.com/q/70339906) I can calculate these values on any touch event (MouseEvent.screenY - MouseEvent.clientY, or so).

So, it doesn't make much sense to me that it's not returned for "privacy reasons" only until the user touches anywhere on the page (even for scrolling), just once.