How do I prevent JavaScript injection?

I build a framework that has a function that returns a UIView with a web view inside. The app that uses the framework has control over the webview through the subviews API of my UIView.

I do not want the framework consumer to utilise the web view's methods and properties. How do I limit access to web view methods like evaluateJavaScript, navigation delegate, etc.?

If you have a WKWebView instantiated in an application process and it is a member of the UIView hierarchy, then there is nothing you can do to prevent a determined programmer from gaining access to it. Doing so is pretty fundamental UIKit API.

There is another web content related API - SFSafariViewController - that allows embedding web content in an application. It is hosted out-of-process from the application, and therefore not even a determined programmer can gain access to its native APIs. It can be presented by frameworks as well... However, its presentation is much more limited than WKWebView by design, so it may not fulfill your use case.
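The two points in the answer above, as an added sketch that is not part of the original thread or any Apple sample: a framework entry point that presents `SFSafariViewController` instead of returning a view, plus a test helper that shows which `WKWebView` instances a returned view exposes through `subviews`. The names `HostedContentPresenter` and `reachableWebViews(from:)` are hypothetical.

```swift
import UIKit
import WebKit
import SafariServices

// Hypothetical framework type (name assumed, not from the thread).
// The caller must keep a strong reference: `delegate` is held weakly.
public final class HostedContentPresenter: NSObject, SFSafariViewControllerDelegate {

    private let onFinish: (() -> Void)?

    public init(onFinish: (() -> Void)? = nil) {
        self.onFinish = onFinish
    }

    /// Presents web content out-of-process. The host app is never handed a
    /// UIView that contains a WKWebView, so `subviews` has nothing to expose.
    /// Returns false if the URL cannot be shown.
    @discardableResult
    public func present(_ url: URL, from presenter: UIViewController) -> Bool {
        // SFSafariViewController supports only http and https URLs.
        guard let scheme = url.scheme?.lowercased(),
              ["http", "https"].contains(scheme) else { return false }

        let safari = SFSafariViewController(url: url,
                                            configuration: SFSafariViewController.Configuration())
        safari.delegate = self
        safari.dismissButtonStyle = .close
        presenter.present(safari, animated: true)
        return true
    }

    public func safariViewControllerDidFinish(_ controller: SFSafariViewController) {
        onFinish?()
    }
}

/// Audit helper for the framework's own tests: every WKWebView reachable from
/// `root` using only the public `subviews` API, i.e. what a consumer can reach.
func reachableWebViews(from root: UIView) -> [WKWebView] {
    var found: [WKWebView] = []
    var stack: [UIView] = [root]
    while let view = stack.popLast() {
        if let webView = view as? WKWebView { found.append(webView) }
        stack.append(contentsOf: view.subviews)
    }
    return found
}
```

Running `reachableWebViews(from:)` on the view the framework currently returns will list the embedded web view, whatever wrapper views surround it.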
