Back to work this new year and I’m catching up with what I’ve missed while I was on holiday. I found some notes I made when I checked out an internal site that got deployed. This one is about how data gets handled (or mishandled) in one of the forms in that site.
Usually, when testing web applications, I try various inputs such as:
- `♥` – sometimes this gets displayed as ♥
- `alert(‘hello’);` – sometimes the alert / pop-up shows up on screen
- `<b>hello</b>` – sometimes this gets displayed as a bold hello, because the tags are interpreted as HTML
In each of the above cases, what I entered isn’t the same as what gets stored or retrieved. Cases such as these, where the data I actually entered doesn’t get preserved, are things I watch out for and bring to the team’s attention.
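One way to turn that manual check into something repeatable is to run the same probe strings through the application’s output path and compare what a user would see against what was entered. The script below is an added example, not code from the post or from the site it describes: it models three hypothetical ways a form might render stored input (reflecting it verbatim, stripping anything tag-like, and escaping it on output), approximates what a browser would display for each, and reports which probes survived the round trip.

```python
import html
import re
from html.parser import HTMLParser

# The three probe strings from the post. The expectation under test is that
# what the form stores and later displays matches the probe exactly.
PROBES = ["♥", "alert('hello');", "<b>hello</b>"]


class _TextExtractor(HTMLParser):
    """Collects the text a browser would show for an HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def displayed_text(fragment: str) -> str:
    """Approximate the visible text: tags are dropped, entities decoded."""
    parser = _TextExtractor()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.parts)


# Three hypothetical rendering strategies an application might use.
def render_raw(value: str) -> str:
    """Reflect the stored value verbatim; any markup in it gets interpreted."""
    return value


def render_stripped(value: str) -> str:
    """A naive 'sanitizer' that deletes anything tag-like before output."""
    return re.sub(r"<[^>]*>", "", value)


def render_escaped(value: str) -> str:
    """Encode on output: markup characters become entities, data survives."""
    return html.escape(value, quote=True)


def audit(render) -> dict:
    """Run every probe through a renderer.

    Returns {probe: (what the user would see, preserved?)}.
    """
    results = {}
    for probe in PROBES:
        shown = displayed_text(render(probe))
        results[probe] = (shown, shown == probe)
    return results


def all_preserved(render) -> bool:
    """True only if every probe comes back exactly as it was entered."""
    return all(ok for _, ok in audit(render).values())


if __name__ == "__main__":
    for name, render in [("raw", render_raw),
                         ("stripped", render_stripped),
                         ("escaped", render_escaped)]:
        print(f"{name}: all preserved = {all_preserved(render)}")
        for probe, (shown, ok) in audit(render).items():
            print(f"  {probe!r} -> {shown!r} ({'ok' if ok else 'changed'})")
```

Only the escape-on-output path passes all three probes: reflecting raw input loses the `<b>` tags because the browser consumes them as markup, and a tag-stripping sanitizer throws that data away before it is ever stored or shown. The raw path also happens to preserve the other two probes, which is exactly why a preservation check is worth pairing with the usual XSS checks rather than replacing them.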