Test cases for string inputs

Kimball Robinson picture Kimball Robinson · Jul 19, 2010 · Viewed 22.4k times · Source

What are some useful test case ideas (and test questions) related to string inputs? Usefulness need not mean applicable everywhere or all the time--just often enough to be worth considering when you address a new problem/system/domain.

Individual answers may contain questions specific to certain domains (eg email address) but should probably point to a separate wiki-question.

Please add your answer BOTH to the question and to the list of answers so that individual items may be voted upon.

Some answers:

  • See https://github.com/minimaxir/big-list-of-naughty-strings
  • Blank/null string
  • Whitespace only
  • All ASCII/ANSI characters 0-255
  • Extended Ascii characters (e.g. in Outlook)
  • Very long strings (suggest using perlclip to generate a counterstring, eg 2*4*6*8*11*14*17*20*
  • Only one character
  • Unicode characters
  • SQL injection
  • Cross-site scripting, Cross-site request forgery
  • ReDos

Related SO Questions:

Answer

tenfour picture tenfour · Jul 28, 2010
  • localization concerns regarding number formats (decimals / commas)
  • behavior sensitivity of special characters (for example supporting single quotes, but still being capable of parsing a name like Jim O'malley)
  • escape character, and ending a string with the escape character - for example if your escape character is ^, and the user inputs something like See above^
  • new lines in a string intended as single-line.

the list is endless though because it really depends on how you intend to use the string, and where it came from.