← All tests

Setup: add this filter rule

Before running the test, add the following custom filter rule to your browser (Brave: Settings → Brave Shields & Privacy → Content Filtering → Custom Filters):

||test-website-a.pages.dev/local-frames/local-frame-content-filtering/test.png$image

This rule should block the probe image on this page. After adding it, reload this page and click Run Test.

What this tests

The test loads a small probe image (test.png) in two contexts:

  1. Directly in this page (main frame).
  2. Inside a dynamically created about:blank iframe.

An about:blank frame has no URL of its own; its code runs with the security origin of the parent frame. A correct implementation therefore applies the same content-filtering rules to both contexts.

On vulnerable implementations (e.g. Brave iOS), the browser resolves the frame’s context from window.location.href (about:blank) rather than from the inherited parent origin, so first-party filter rules are silently skipped inside the frame.

Expected results

Scenario Main frame about:blank frame Verdict
No filter rule active Loads Loads Not meaningful — add the rule first
Protected browser (rule active) Blocked Blocked Pass
Vulnerable browser (rule active) Blocked Loads Fail — about:blank bypasses filtering