Wednesday, 28 January 2015

Learn the rules first - then break them

My blog appears to be rapidly filling up with 'life' and I'm neglecting the 'work' side of things, which isn't a very true representation of things at all! So in the interest of balance, here's a little nugget that occurred to me this afternoon.

I arrived at this seemingly simple-looking popup with a single text box that expects a URL.

There are many ways to test this single text field. I could have just tried a few URLs. I could let the cat wander across my laptop. I could think up different strings of characters that I think might cause a problem. I could search the internet for known troublesome URLs. I could even use one of the many many many automation frameworks available to check hundreds of these different values for me.
But it could be much quicker to approach this from a different angle. I'm in the very fortunate situation of not only possessing a detailed specification, but the developer on the project sits next to me and in this instance there is also some validation happening right in the browser that I can see with Chrome's inspector tool. So I can easily find out the rules that apply to this field.

In this case we can see that the validation is expecting segments containing any amount of letters a-z (both upper and lower case) and numbers 0-9 separated by dots, but the final section must only contain a-z and be between 2 and 6 characters. So all I need to do is find out if something breaks that rule! It just so happens that I know of a valid domain with a TLD that is 7 characters long... ;-)

Longer ones exist. Recently TLDs like university, photography and education have been made available. The longest one in the ICANN list is .cancerresearch at 16 characters, followed by .versicherungen (14) which is the German word for insurance.
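To make the approach concrete, here is an added example (not the project's code): the rule as described above is written out as a regular expression and run against hosts that sit on its boundaries. The pattern is reconstructed from the description, and the hostnames, the `shouldAccept` flags and the widened pattern are constructed assumptions.

```javascript
// Pattern reconstructed from the prose description of the field's rule.
// Assumption: the post does not show the real expression.
const DESCRIBED_RULE = /^([A-Za-z0-9]+\.)+[A-Za-z]{2,6}$/;

// Constructed hosts. shouldAccept is what a correct validator would say.
// TLDs are the ones named in the post plus the rule's length boundaries.
const CASES = [
  { host: "example.c",              shouldAccept: false }, // 1 letter, below the minimum
  { host: "example.uk",             shouldAccept: true  }, // 2 letters, lower boundary
  { host: "example.museum",         shouldAccept: true  }, // 6 letters, upper boundary
  { host: "example.education",      shouldAccept: true  }, // longer than 6
  { host: "example.university",     shouldAccept: true  },
  { host: "example.photography",    shouldAccept: true  },
  { host: "example.versicherungen", shouldAccept: true  },
  { host: "example.cancerresearch", shouldAccept: true  },
  { host: "example.c0m",            shouldAccept: false }, // digit in the final section
  { host: "example",                shouldAccept: false }, // no dot at all
];

// Return every case where the rule's verdict disagrees with the expectation.
function findRuleBreakers(rule, cases) {
  return cases
    .filter(({ host, shouldAccept }) => rule.test(host) !== shouldAccept)
    .map(({ host, shouldAccept }) => ({
      host,
      kind: shouldAccept ? "false reject" : "false accept",
    }));
}

// Candidate fix (an assumption): allow the final section to run up to
// 63 letters, the maximum length of a DNS label.
const WIDENED_RULE = /^([A-Za-z0-9]+\.)+[A-Za-z]{2,63}$/;

console.log("described rule:", findRuleBreakers(DESCRIBED_RULE, CASES));
console.log("widened rule:  ", findRuleBreakers(WIDENED_RULE, CASES));
```

Every mismatch under the described rule is a valid domain being turned away, which is exactly the kind of bug that a handful of .com and .net inputs never exposes.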

So save yourself some time and effort. Find out what the rules are first if you can. And then find something that breaks them!

It may seem like an obvious point, but it's important to remember the basics. I could have easily missed this if I'd stuck with the usual .com, .net and style domains without doing any digging.

* And yes, my next question for the developer sat next to me is, what happens if I bypass the client-side validation and submit an invalid string? Or a drop tables command? Or I might just try it without asking and see what breaks!
