Call LocalDOMWindow::clearDocument when a frame gets detached

third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp

Index: third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
index 598c7849184a513a3d75c786b24541ffefcfd366..a49903bd1143c107c53c9689438374b167f59240 100644
--- a/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.cpp
@@ -111,22 +111,9 @@ void V8WrapperInstantiationScope::securityCheck(
   // If the context is different, we need to make sure that the current
   // context has access to the creation context.
   Frame* frame = toFrameIfNotDetached(contextForWrapper);
-  if (!frame) {
-    // Sandbox detached frames - they can't create cross origin objects.
-    LocalDOMWindow* callingWindow = currentDOMWindow(isolate);
-    DOMWindow* targetWindow = toDOMWindow(contextForWrapper);
-    // TODO(jochen): Currently, Location is the only object for which we can
-    // reach this code path. Should be generalized.
-    ExceptionState exceptionState(ExceptionState::ConstructionContext,
-                                  "Location", contextForWrapper->Global(),
-                                  isolate);
-    if (BindingSecurity::shouldAllowAccessToDetachedWindow(
-            callingWindow, targetWindow, exceptionState))
-      return;
-
-    CHECK_EQ(SecurityError, exceptionState.code());
+  if (!frame)
     return;
-  }
+
   const DOMWrapperWorld& currentWorld = DOMWrapperWorld::world(m_context);
   RELEASE_ASSERT(currentWorld.worldId() ==
                  DOMWrapperWorld::world(contextForWrapper).worldId());