Hello, Here's some sample Javascript code: if (window.ApplePaySession) { console.log('ApplePaySession is available'); console.log('canMakePayments: ' + ApplePaySession.canMakePayments()); ApplePaySession.canMakePaymentsWithActiveCard(merchantId) .then(function(canMakePayments) { console.log('canMakePaymentsWithActiveCard: ' + canMakePayments); }); } else { console.log('ApplePaySession is not available'); } I'm logged into macOS with a sandbox test account that has Apple Pay permissions. The merchantId value is the one listed with my merchant ID. I'm running this locally. canMakePayments returns true, but canMakePaymentsWithActiveCard always returns false. I have two test cards setup in the macOS account's Apple Pay wallet, and both have a billing address setup. What can I do to troubleshoot why ApplePaySession.canMakePaymentsWithActiveCard is returning false?

Hi Safari team, I am a product manager working for a large content recommendation company. Our JavaScriot SDK is running on more than 9000 leading publishers worldwide and has been certified to be aligned with global legal and privacy regulations and guidelines. We have the following problem: Since the launch of Safari 17 (in iOS, iPadOS, and MacOS) - we can see our JavaScript SDK blocked when the user uses the private browsing mode Safari 17 sometimes identifies our loading and rendering JavaSctipt files as any request/action by our domain to be a tracking activity (we see the JavaScript files in the console tagged with “Blocked connection to known tracker” log) In previous Safari versions, we only got the tracking functionality blocked, allowing our content to render We have the following questions: Can JavaScript running in Safari detect the user has the privacy mode turned on? Was there something specific in Safari 17 “Tracking Protection” functionality that now blocks content rendering on the page in addition to tracking activity? Context: We can run our JavaScript without performing any form of tracking, either directly by my domain or any other 3rd party vendor we are working with. We will render our content without performing any form of tracking or fingerprinting We are already following Apple’s iOS IDFA guidelines. Our iOS SDK, for example, detects and respects when the user opts out from sharing the IDFA on an iOS app running our code. In that case, we show our content without breaching the App Tracking Transparency framework rules. Besides sponsored content, our JavaScript SDK also powers organic recommendations for our clients. With Safari 17 blocking anything in private browsing mode, we see unfair interference with organic engagement. Please let us know if you provide guidance to allow our JavaScript SDK to render content when the user uses the private browsing mode, adhering to the privacy requirements. Thank you for helping! Omri.

on our web pages we have allowed certain sources of scripts though content-security-policy meta tag which is working fine as expected on Chrome browser and on Internet Edge. However there is a script called morosa.top when it inserted in our html page, safari is not able to block it while it was supposed to block. if this script gets executed it start taking screenshots of screen and post it to hacker. Please check this could be a potential issue. [Edited by Moderator]

Any page that has a JavaScript function named "top()" in it causes JavaScript to fail. The function doesn't need to be called or even contain anything. eg. function top() { } JavaScript just locks up. This affects iOS17.2 and macOS 14.2 If occurs in Safari and any app using WKWebView This is a critical bug that affects sites and apps in the wild. I suggest there is something very wrong with the Javascript engine in general if certain function names can cause such a failure. Does anyone else have other function names that cause this failure?