Google Translate HTML Injection on iOS Mobile Browser

Hi,

I had a user visit one of the websites powered by my business platform. I resolved the odd JavaScript error (the browser doesn’t return a URL or line number for inline JavaScript errors such as a href=”javascript:function_renamed_wrong_intentionally();”></a>.

I noticed that a modal kept being displayed during the opening animation. Well, after I resolved the issue with the missing JavaScript error parameters from Brave I determined that Brave, on mobile/iOS, is injecting HTML code in to the website DOM. That code starts with the following: <div id="goog-gt-tt" class="skiptranslate" dir="ltr">.

So it’s clearly Google Translate. I literally installed Brave from Apple’s store and went straight to the website to resolve the first issue; so clearly Google Translate being injected in to the website’s DOM is part of the default settings.

Anything added to the body element directly is treated like a modal and then verified that it’s first-party, otherwise it’s automatically removed and then reported.

Since Brave is supposed to be about privacy this makes no sense. Google is at least as poised to hijack their own wholly controlled services as Nvidia is like when Nvidia injected fake-AI everything-Instagram face replacement in DLSS 5 preview which is only supposed to be about upscaling. This really should be an opt-in only option not enabled by default.

@jabcreations

Turns out, there is a Brave Browser (iOS) setting to Disable Brave Translate.

I literally just validated that Firefox, Safari and even Chrome (on my iPhone) do not inject any HTML code at all on to the same website, this is a Brave-specific feature, not an iOS forced policy of any kind. I literally explicitly scan for injected third party code on my platform that I’ve written from scratch, there is no greater level of verification than that.

I have no idea why you asked ChatGPT. It’s web spider looks at websites like Stackoverflow and blindly presumes the most up-voted answers are “correct” when I have had to validate everything I’ve come across on there and the majority of it is explicitly wrong. It does has some limited uses just as partially critiquing writing but any blind the copy-paste stuff is watered down nonsense.

So in summation: Brave, just Brave, is injecting Google Translate HTML code on to the page while the other browsers don’t and it shouldn’t be doing this unless the user explicitly opts-in.