Chromium Code Reviews

Unified Diff: Source/core/page/DOMWindow.cpp

Issue 22985006: Throw an exception when denying access to 'Frame's 'location' setter. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
Index: Source/core/page/DOMWindow.cpp
diff --git a/Source/core/page/DOMWindow.cpp b/Source/core/page/DOMWindow.cpp
index a7f252fee30a880083f10f00aabc39c36fa7c799..852eb9f5eeda06e020b576c0f7e071e1d4baef57 100644
--- a/Source/core/page/DOMWindow.cpp
+++ b/Source/core/page/DOMWindow.cpp
@@ -1576,6 +1576,27 @@ void DOMWindow::printErrorMessage(const String& message)
pageConsole()->addMessage(JSMessageSource, ErrorMessageLevel, message);
}
+// FIXME: Once we're throwing exceptions for cross-origin access violations, we will always sanitize the target
+// frame details, so we can safely combine 'crossDomainAccessErrorMessage' with this method after considering
+// exactly which details may be exposed to JavaScript.
+//
+// http://crbug.com/17325
+String DOMWindow::sanitizedCrossDomainAccessErrorMessage(DOMWindow* activeWindow)
+{
+ const KURL& activeWindowURL = activeWindow->document()->url();
+ if (activeWindowURL.isNull())
+ return String();
+
+ ASSERT(!activeWindow->document()->securityOrigin()->canAccess(document()->securityOrigin()));
+
+ SecurityOrigin* activeOrigin = activeWindow->document()->securityOrigin();
+ String message = "Blocked a frame with origin \"" + activeOrigin->toString() + "\" from accessing a cross-origin frame.";
+
+ // FIXME: Evaluate which details from 'crossDomainAccessErrorMessage' may safely be reported to JavaScript.
+
+ return message;
+}
+
String DOMWindow::crossDomainAccessErrorMessage(DOMWindow* activeWindow)
{
const KURL& activeWindowURL = activeWindow->document()->url();
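Review bot: The early `return String();` in sanitizedCrossDomainAccessErrorMessage, taken when `activeWindowURL.isNull()`, hands callers an empty message, and the comment above the method does not mention it. That branch reads nothing from the target frame, so a generic "Blocked a frame from accessing a cross-origin frame." text would be just as sanitized; otherwise, document the empty return so callers know to handle it. Separately, `activeWindow->document()->securityOrigin()` is evaluated once inside the ASSERT and again on the following line: declare `activeOrigin` before the ASSERT and reuse it there. The method also dereferences `activeWindow` and `activeWindow->document()` without a null check, so state in the comment that callers must pass a window with a live document.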