Fix frameElement for frames with a remote parent.

Source/web/tests/WebFrameTest.cpp

Index: Source/web/tests/WebFrameTest.cpp
diff --git a/Source/web/tests/WebFrameTest.cpp b/Source/web/tests/WebFrameTest.cpp
index 6848e91f3170131c08562b4c14be84f78253bbd7..0367c7c721cb98e9ea68ee6e22d6888e9fa4058b 100644
--- a/Source/web/tests/WebFrameTest.cpp
+++ b/Source/web/tests/WebFrameTest.cpp
@@ -7027,6 +7027,28 @@ TEST_F(WebFrameSwapTest, FramesOfRemoteParentAreIndexable)
     reset();
 }
 
+// Check that frames with a remote parent don't crash while accessing window.frameElement.
+TEST_F(WebFrameSwapTest, FrameElementInFramesWithRemoteParent)
+{
+    v8::HandleScope scope(v8::Isolate::GetCurrent());
+
+    FrameTestHelpers::TestWebRemoteFrameClient remoteClient;
+    WebRemoteFrame* remoteParentFrame = remoteClient.frame();
+    mainFrame()->swap(remoteParentFrame);
+    remoteParentFrame->setReplicatedOrigin(SecurityOrigin::createUnique());
+
+    FrameTestHelpers::TestWebFrameClient childFrameClient;
+    WebLocalFrame* childFrame = remoteParentFrame->createLocalChild("", WebSandboxFlags::None, &childFrameClient);
+    FrameTestHelpers::loadFrame(childFrame, m_baseURL + "subframe-hello.html");
+
+    v8::Local<v8::Value> frameElement = childFrame->executeScriptAndReturnValue(WebScriptSource("window.frameElement"));
+    // frameElement shouldn't be accessible cross-origin.
+    EXPECT_TRUE(frameElement.IsEmpty());
+
+    // Manually reset to break WebViewHelper's dependency on the stack allocated clients.
+    reset();
+}
+
 class RemoteToLocalSwapWebFrameClient : public FrameTestHelpers::TestWebFrameClient {
 public:
     explicit RemoteToLocalSwapWebFrameClient(WebRemoteFrame* remoteFrame)