Brave shield blocks iframes to extension views (internal .html pages)

Description of the issue:
If an installed extension injects an iframe to any of its own views (.html files), then the iframe will be blocked by the Brave shield and not visible.
Iframes that show extension views should not be blocked by default.

Note: This does not affect unpacked extensions in developer mode, but affects all packed extensions from any sources, even with developer mode enabled.

How can this issue be reproduced?
Small code sample for easy reproduction:

    "name": "Brave shield bug repro",
    "description": "Brave shield bug repro",
    "manifest_version": 3,
    "version": "",
    "permissions": [],
    "host_permissions": [
    "web_accessible_resources": [
            "resources": [
            "matches": [
    "content_scripts": [
            "matches": [
            "js": [


<!DOCTYPE html>
        This should be visible.


const iframe = document.createElement('iframe');
iframe.src = chrome.runtime.getURL('view.html');

document.body.insertBefore(iframe, document.body.firstChild);
  1. Create the 3 files with the names and contents as shown above and put them in the same directory.
  2. Enable developer mode, click pack extension and select the directory.
  3. Drag the resulting .crx into Brave to install the extension.
  4. Visit

Expected result:
The iframe is visible at the top of the page.

Actual result
The iframe is blocked by the Brave shield.

Brave Version( check About Brave):
1.46.133, but probably affects all versions

Additional Information:
code samples above

1 Like

Hello there @backfromexile please try installing the Beta or Nightly version of Brave to see if the issue persists on those versions.

Be waiting for your response.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.