Rework security checks to be based on Window rather than Frame.

third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp

Index: third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp b/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
index c9bcc0472ff271edc9bce2bebaa0473765ea6e40..8412115300deb0b2a5fc07fa151934d8c49f4ca8 100644
--- a/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
@@ -196,14 +196,8 @@ void V8Window::openerAttributeSetterCustom(
     const v8::PropertyCallbackInfo<void>& info) {
   v8::Isolate* isolate = info.GetIsolate();
   DOMWindow* impl = V8Window::toImpl(info.Holder());
-  // TODO(dcheng): Investigate removing this, since opener is not really a
-  // cross-origin property (so it shouldn't be accessible to begin with)
-  ExceptionState exceptionState(isolate, ExceptionState::SetterContext,
-                                "Window", "opener");
-  if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
-                                            impl, exceptionState)) {
+  if (!impl->frame())
     return;
-  }
 
   // Opener can be shadowed if it is in the same domain.
   // Have a special handling of null value to behave
@@ -360,7 +354,8 @@ void V8Window::namedPropertyGetterCustom(
   if (!BindingSecurity::shouldAllowAccessTo(
           currentDOMWindow(info.GetIsolate()), window,
           BindingSecurity::ErrorReportOption::DoNotReport)) {
-    BindingSecurity::failedAccessCheckFor(info.GetIsolate(), frame);
+    BindingSecurity::failedAccessCheckFor(
+        info.GetIsolate(), &V8Window::wrapperTypeInfo, info.Holder());
     return;
   }