Throw 'SecurityError' upon cross-origin Location access.

Source/bindings/v8/V8Initializer.cpp

Index: Source/bindings/v8/V8Initializer.cpp
diff --git a/Source/bindings/v8/V8Initializer.cpp b/Source/bindings/v8/V8Initializer.cpp
index c1ff7cb8959d8321abe3484d4cd3a8cce099ad9d..cfa378a1c6bb2146d9e149f49e30386af9bda1c0 100644
--- a/Source/bindings/v8/V8Initializer.cpp
+++ b/Source/bindings/v8/V8Initializer.cpp
@@ -35,6 +35,7 @@
 #include "bindings/v8/V8GCController.h"
 #include "bindings/v8/V8PerContextData.h"
 #include "core/dom/Document.h"
+#include "core/dom/ExceptionCode.h"
 #include "core/inspector/ScriptCallStack.h"
 #include "core/page/ConsoleTypes.h"
 #include "core/page/ContentSecurityPolicy.h"
@@ -103,6 +104,11 @@ static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host, v8
         return;
     DOMWindow* targetWindow = target->document()->domWindow();
     targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()));
+
+    // Throw an exception for failed-access checks against Location objects, otherwise write to the console.
+    WrapperTypeInfo* typeInfo = WrapperTypeInfo::unwrap(data);
+    if (V8Location::info.equals(typeInfo))
+        setDOMException(SecurityError, v8::Isolate::GetCurrent());

[abarth-chromium, 2013/07/12 22:57:08]

Why only location?  Why not have every security violation throw an exception?  I
guess we can start with location and see how it goes.

 }
 
 static bool codeGenerationCheckCallbackInMainThread(v8::Local<v8::Context> context)