The HTML5 spec is pretty clear about this:
For a test case, see the frames.location.href line of:
It just shows that the return value is undefined, with no exception being thrown.
Gecko and IE do throw the exception.
Alexey, adding you to the cc list since you mentioned this in comment 5 of bug 17627. I couldn't find another bug filed for this issue, but perhaps you're aware of one.
Since fixing the V8 bindings is significantly more complex than the JSC ones (see http://groups.google.com/group/v8-users/browse_thread/thread/e73680b6ca97a46d), I've split this bug into two (bug 43891 and bug 43892), since it'll be two pretty different patches.
*** Bug 81973 has been marked as a duplicate of this bug. ***
Mihai, I'm going to pick this up if you don't mind.
Poking the webkit-dev bear again: https://lists.webkit.org/pipermail/webkit-dev/2013-February/023636.html