What are some useful test case ideas (and test questions) related to string inputs? Usefulness need not mean applicable everywhere or all the time--just often enough to be worth considering when you address a new problem/system/domain.
Individual answers may contain questions specific to certain domains (e.g. email address) but should probably point to a separate wiki-question.
Please add your answer BOTH to the question and to the list of answers so that individual items may be voted upon.
Some answers:
- See https://github.com/minimaxir/big-list-of-naughty-strings
- Blank/null string
- Whitespace only
- All ASCII/ANSI characters 0-255
- Extended ASCII characters (e.g. in Outlook)
- Very long strings (suggest using perlclip to generate a counterstring, e.g. 2*4*6*8*11*14*17*20*)
- Only one character
- Unicode characters
- SQL injection
- Cross-site scripting, Cross-site request forgery
- ReDoS
- localization concerns regarding number formats (decimals / commas)
- behavior sensitivity of special characters (for example supporting single quotes, but still being capable of parsing a name like `Jim O'malley`)
- escape character, and ending a string with the escape character - for example if your escape character is `^`, and the user inputs something like `See above^`
- new lines in a string intended as single-line.
The list is endless though because it really depends on how you intend to use the string, and where it came from.
ReDoS vulnerabilities if a Regular Expression is used
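The "very long strings" item in the question suggests a counterstring; the sketch below is an added example (not from the original thread and not perlclip's own code) that generates one of any length and reads the accepted length back from only the visible tail of what a system kept. The `store` function and its 255-character limit are constructed stand-ins for a field that silently truncates.

```python
import re

MARKER = "*"

def counterstring(length: int) -> str:
    """Build a self-measuring string of exactly `length` characters.

    Every MARKER sits at the 1-based position spelled by the digits just
    before it, so the visible end of the string tells you how long it is.
    """
    if length < 0:
        raise ValueError("length must be non-negative")
    tokens = []
    pos = length
    while pos > 0:                      # build right to left
        token = f"{pos}{MARKER}"
        token = token[-pos:]            # position 1 only has room for the marker
        tokens.append(token)
        pos -= len(token)
    return "".join(reversed(tokens))

def length_from_tail(tail: str):
    """Recover the total length from only the visible tail of a counterstring.

    Returns None when the tail holds no number delimited on both sides.
    """
    # Lookbehind: the number must follow a marker, so its digits are not cut off.
    matches = list(re.finditer(r"(?<=\*)(\d+)\*", tail))
    if not matches:
        return None
    last = matches[-1]
    # Position of the last complete marker plus the characters after it.
    return int(last.group(1)) + len(tail) - last.end()

def store(value: str, limit: int = 255) -> str:
    """Constructed stand-in for a field that silently truncates its input."""
    return value[:limit]

if __name__ == "__main__":
    print(counterstring(20))
    kept = store(counterstring(1000))
    print(kept[-12:], "->", length_from_tail(kept[-12:]))
```

Submitting a counterstring longer than the documented limit and reading the tail back shows whether the input was rejected, truncated silently, or stored in full.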
Source: https://stackoverflow.com/questions/3283104/test-cases-for-string-inputs