this is due to the “content-security-policy” property being set by the main twitch site where your extension iframe resides in.
it forbids inline Javascript (as well as stuff like inline event handlers) to avoid issues like cross site scripting attacks being facilitated by an extension (i.e. your extension accidentally executing malicious 3rd party script injected to the DOM).
so, in short, it’s behaving this way because it is supposed to do so, you will have to put your script into separate files, away from your markup.
also, if you write your own stuff you should probably set CSP as well, it’s generally the safer and better way and gives more unobtrusive code too. (separation between markup and script)