To fix the cross-site post submission bug.

chrome/browser/extensions/isolated_app_browsertest.cc

Index: chrome/browser/extensions/isolated_app_browsertest.cc
diff --git a/chrome/browser/extensions/isolated_app_browsertest.cc b/chrome/browser/extensions/isolated_app_browsertest.cc
index 5962f77022d4a27a1eafe82a1967816c55d72f96..d65ab76003132e8cf3997c18ad1e772eca7d14ee 100644
--- a/chrome/browser/extensions/isolated_app_browsertest.cc
+++ b/chrome/browser/extensions/isolated_app_browsertest.cc
@@ -106,6 +106,70 @@ IN_PROC_BROWSER_TEST_F(IsolatedAppTest, CrossProcessClientRedirect) {
   EXPECT_FALSE(chrome::CanGoBack(browser()));
 }
 
+IN_PROC_BROWSER_TEST_F(IsolatedAppTest, CrossSiteDataPost) {
+  host_resolver()->AddRule("*", "127.0.0.1");
+  ASSERT_TRUE(test_server()->Start());
+
+  ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("isolated_apps/app1")));
+
+  GURL base_url = test_server()->GetURL("files/extensions/isolated_apps/");
+  GURL::Replacements replace_host;
+  std::string host_str("localhost");  // Must stay in scope with replace_host.
+  replace_host.SetHostStr(host_str);
+  base_url = base_url.ReplaceComponents(replace_host);
+  std::string resolve_url ="app1/main.html";
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), base_url.Resolve(resolve_url),
+      CURRENT_TAB, ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
+
+  WebContents* tab0 = chrome::GetWebContentsAt(browser(), 0);
+  pid_t old_process = tab0->GetRenderProcessHost()->GetHandle();
+
+  std::string data = "post \0\ndata";
+  GURL echo_url = test_server()->GetURL("echoall");
+  std::string jsSubmit = "(function submitform() {";
+  jsSubmit.append("var form = document.createElement(\"form\");");
+  jsSubmit.append("form.setAttribute(\"method\", \"POST\");");
+  jsSubmit.append("form.setAttribute(\"action\", \"");
+  jsSubmit.append(echo_url.spec().c_str());
+  jsSubmit.append("\");var hiddenField = document.createElement(\"input\");");
+  jsSubmit.append("hiddenField.setAttribute(\"type\", \"hidden\");");
+  jsSubmit.append("hiddenField.setAttribute(\"name\", \"data\");");
+  jsSubmit.append("hiddenField.setAttribute(\"value\", \"" + data + "\");");
+  jsSubmit.append("form.appendChild(hiddenField);");
+  jsSubmit.append("document.body.appendChild(form);");
+  jsSubmit.append("form.submit();");
+  jsSubmit.append("})()");
+
+  ASSERT_TRUE(ExecuteJavaScript(
+      chrome::GetWebContentsAt(browser(), 0)->GetRenderViewHost(),
+      L"",
+      ASCIIToWide(jsSubmit)));
+
+  const string16 expected_title = ASCIIToUTF16("echoall");
+  content::TitleWatcher title_watcher(tab0, expected_title);
+  string16 actual_title = title_watcher.WaitAndGetTitle();

[Charlie Reis, 2012/11/20 05:46:03]

Can we avoid relying on title changes?  Might be better to wait for LOAD_STOP. 
(Also, it's best to declare any observers before the action itself.  In this
case, you'd declare it above ExecuteJavaScript and wait afterwards.)

[irobert, 2012/11/22 01:37:00]

Done.

+  EXPECT_EQ(expected_title, actual_title);
+
+  // Make Sure we are in the new process

[Charlie Reis, 2012/11/20 05:46:03]

nit: sure
nit: end with period.

[irobert, 2012/11/22 01:37:00]

Done.

+  WebContents* tab1 = chrome::GetWebContentsAt(browser(), 0);
+  EXPECT_NE(old_process,
+            tab1->GetRenderProcessHost()->GetHandle());
+
+  std::string getResult = "window.domAutomationController.send(";

[Charlie Reis, 2012/11/20 05:46:03]

Maybe add a comment to this block about how it's reading the post data from the
body of the page.

[irobert, 2012/11/22 01:37:00]

Done.

+  getResult.append("document.getElementsByTagName('pre')[0].firstChild.data);");
+  std::string value;
+  ASSERT_TRUE(ExecuteJavaScriptAndExtractString(
+      chrome::GetWebContentsAt(browser(), 0)->GetRenderViewHost(),
+      L"",
+      ASCIIToWide(getResult),
+      &value));
+  EXPECT_EQ("data="+data+"\n", value);

[Charlie Reis, 2012/11/20 05:46:03]

nit: Spaces around the +'s

[irobert, 2012/11/22 01:37:00]

Done.

+}
+
+IN_PROC_BROWSER_TEST_F(IsolatedAppTest, CrossSiteFilePost) {
+}
+
 // Tests that cookies set within an isolated app are not visible to normal
 // pages or other apps.
 //