Test cases for string inputs [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 5 years ago.

Improve this question

What are some useful test case ideas (and test questions) related to string inputs? Usefulness need not mean applicable everywhere or all the time--just often enough to be worth considering when you address a new problem/system/d开发者_运维知识库omain.

Individual answers may contain questions specific to certain domains (eg email address) but should probably point to a separate wiki-question.

Please add your answer BOTH to the question and to the list of answers so that individual items may be voted upon.

Some answers:

• See https://github.com/minimaxir/big-list-of-naughty-strings
• Blank/null string
• Whitespace only
• All ASCII/ANSI characters 0-255
• Extended Ascii characters (e.g. in Outlook)
• Very long strings (suggest using perlclip to generate a counterstring, eg 2*4*6*8*11*14*17*20*
• Only one character
• Unicode characters
• SQL injection
• Cross-site scripting, Cross-site request forgery
• ReDos

Related SO Questions:

• Other test catalogs

---

• localization concerns regarding number formats (decimals / commas)
• behavior sensitivity of special characters (for example supporting single quotes, but still being capable of parsing a name like Jim O'malley)
• escape character, and ending a string with the escape character - for example if your escape character is ^, and the user inputs something like See above^
• new lines in a string intended as single-line.

the list is endless though because it really depends on how you intend to use the string, and where it came from.

---

ReDos vulnerabilities if a Regular Expression is used

http://msdn.microsoft.com/en-us/magazine/ff646973.aspx