May 25, 2010

General Input Tests for URL Characters

Sometimes, you need to accept data, then use it as part of a URL.  Your test data should probably include both valid and invalid characters.

From RFC 1738:
"Only alphanumerics [0-9a-zA-Z], the special characters $-_.+!*'(), and reserved characters used for their reserved purposes may be used unencoded within a URL."

Here are some routine tests to try for a URL value.  Decide which of the following are relevant for your input field and use them.  If you are using an automated test tool, these values can easily be used exhaustively, or randomly, by a test script.

Unreserved Characters
(Normally don't need to encode these characters)

ASCII Characters A-Z, a-z, 0-9
$ Dollar
- Dash
_ Underscore
. Period
! Exclamation
* Asterisk
' Single quote
( Left parenthesis
) Right parenthesis
, Comma

Reserved Characters
(Should generally not be included as part a query parameter without being encoded)

Semi colon
/ Forward slash 
? Question mark
: Colon
@ At symbol
= Equals
& Ampersand
+ Plus

Unsafe Characters
(Gateways are known to sometimes modify these characters, so they should be encoded)

{ Left curly brace
} Right curly brace
| Pipe
\ Backslash
^ Caret
~ Tilde
[ Left square bracket
] Right square bracket
` Grave accent

Excluded Characters
(Should always be encoded)

all ASCII control characters
the space character
< Less than
> Greater than
# Pound (hash) sign
% Percent
" Double quotes

I'm Joe Strazzere and I'm currently a Director of Quality Assurance.
I like to lead, to test, and occasionally to write about leading and testing.

No comments:

Post a Comment