Index: content/renderer/render_frame_impl.cc |
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc |
index d2030c35e017a83ed17e6526dbb2907d173b90c1..be5d4da59db647458e1ce3322f9852a9fffe7b6a 100644 |
--- a/content/renderer/render_frame_impl.cc |
+++ b/content/renderer/render_frame_impl.cc |
@@ -2776,6 +2776,9 @@ RenderFrameImpl::createServiceWorkerProvider() { |
} |
void RenderFrameImpl::didAccessInitialDocument() { |
+ // NOTE: It is critical not to call back into JavaScript here, since this call |
+ // is made from a V8 security check. |
+ |
// If the request hasn't yet committed, notify the browser process that it is |
// no longer safe to show the pending URL of the main frame, since a URL spoof |
// is now possible. (If the request has committed, the browser already knows.) |
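Review bot: The no-JavaScript constraint on didAccessInitialDocument() is stated only in the new comment at the top of the function. A later edit to the body, which continues outside this hunk, or to anything it calls synchronously could break it without any build or test failure. Because the comment says the call arrives from inside a V8 security check, consider backing it with a scoped guard over the body, such as `v8::Isolate::DisallowJavascriptExecutionScope`, if an isolate is reachable at this point. The comment would also be more useful if it told maintainers what to do instead, for example `// Anything that may run script or notify observers synchronously must be deferred to a posted task.`, assuming that is the intended pattern.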