Gallery of Stack Traces: Potentially Dangerous? QA?

As you know, you should always test your edit boxes to make sure they can handle HTML and XML markup typed into them, particularly the dreaded </html>, </xml> and </table> closing tags, or a full doctype declaration such as <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">. Ideally, the application handles such input deliberately, in one of these ways:

  • Accepting the value, but encoding it on output (&lt; for <, &gt; for >, and so on) so that the browser, and any database or downstream consumer, treats it as text rather than rendering it as markup.
  • Disallowing the < and > characters outright.
  • Performing client- or server-side validation that tells the user to try again without the markup. Client-side checks are a convenience only; the server must validate as well, since a request can be submitted without the browser's cooperation.

What the application should not do is this:

(Screenshot) Potentially dangerous request -- from QA? Shocking!
By default, they tell me, Microsoft Internet Information Server will automatically “handle” HTML or doctype declarations by throwing up a stack trace. More precisely, it is ASP.NET request validation, not IIS itself, that trips here: ASP.NET inspects form fields, the query string and cookies on every request and throws an HttpRequestValidationException (“A potentially dangerous Request.Form value was detected from the client”) when a value looks like a tag, which is why a doctype or a stray </html> sets it off. The stack trace is a separate failure: it reaches the browser only when the application lets detailed errors go to the client, i.e. web.config has customErrors mode="Off", or the tester is browsing on the server itself under the default mode="RemoteOnly". Either way the user is shown internal type names, file paths and framework versions that belong in a server-side log. Thanks, Microsoft, for helping Web sites/applications abandon their dignity, but the fix is in the developers' hands: catch the exception (or configure a custom error page), tell the user to try again without the markup, and log the trace where only operators can read it. Don’t let your developers fail to handle this correctly.
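To make the three acceptable options from the list above concrete, and to put them side by side with the unacceptable one in the screenshot, here is an added example (not code from the original post, and not any real framework's API). It simulates a form-field handler in Python using only the standard library; the handler signatures, the constructed sample inputs and the "looks like markup" pattern are assumptions made for illustration, the pattern being only an approximation of what a request validator checks.

```python
"""Added example, not code from the original post.

Simulates a form-field handler three ways: accept-and-encode, validate-and-
reject with a friendly message, and the anti-pattern from the screenshot
(returning the stack trace to the client). Standard library only; the handler
signatures and the validation pattern are assumptions made for illustration,
not any real framework's API.
"""
import html
import logging
import re
import traceback

log = logging.getLogger("form-handler")

# Constructed sample submissions; the doctype is the one quoted in the post.
DOCTYPE = ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
           '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">')
SAMPLES = ["plain text", "a < b and c > d", "</html>", "</table>", DOCTYPE]


class PotentiallyDangerousRequest(ValueError):
    """Raised when a submitted value looks like markup."""


# Approximation (an assumption, not the exact vendor rule) of what a request
# validator flags: '<' followed by a letter, '!', '/' or '?', or a numeric
# HTML entity. A bare '<' as in "a < b" is not a tag and passes.
_LOOKS_LIKE_MARKUP = re.compile(r"<[A-Za-z!/?]|&#")


def validate_request(value: str) -> str:
    """Framework-style request validation: refuse anything that looks like a tag."""
    if _LOOKS_LIKE_MARKUP.search(value):
        raise PotentiallyDangerousRequest(
            f"A potentially dangerous value was detected: {value[:40]!r}")
    return value


def encode_for_html(value: str) -> str:
    """Option 1: keep the value, but encode it on output so the browser shows
    '<' and '>' as text instead of interpreting them as markup."""
    return html.escape(value, quote=True)


def accept_and_encode_handler(value: str) -> tuple[int, str]:
    """Accepts everything (even the doctype) and relies on output encoding."""
    return 200, encode_for_html(value)


def leaky_handler(value: str) -> tuple[int, str]:
    """What the post says the application should NOT do: the validation
    exception is effectively unhandled and the client receives the trace."""
    try:
        return 200, encode_for_html(validate_request(value))
    except Exception:
        return 500, traceback.format_exc()  # internal details in the response body


def hardened_handler(value: str) -> tuple[int, str]:
    """Options 2 and 3: reject markup with a plain 'try again' message, keep
    the trace in the server log, and still encode whatever is accepted."""
    try:
        return 200, encode_for_html(validate_request(value))
    except PotentiallyDangerousRequest:
        log.warning("rejected markup in form field", exc_info=True)
        return 400, "Markup is not allowed in this field. Please remove it and try again."
    except Exception:
        log.error("unexpected failure handling form field", exc_info=True)
        return 500, "Something went wrong. Please try again later."


if __name__ == "__main__":
    for sample in SAMPLES:
        for name, handler in (("accept+encode", accept_and_encode_handler),
                              ("leaky", leaky_handler),
                              ("hardened", hardened_handler)):
            status, body = handler(sample)
            print(f"{name:14s} {status} {sample[:30]!r:34s} -> {body.splitlines()[0][:60]}")
```

Running the script shows the contrast directly: `</html>` comes back from the leaky handler as a 500 whose body starts with `Traceback (most recent call last):`, while the hardened handler returns a 400 with a one-line instruction and writes the trace to the log. Note that `a < b and c > d` passes the validator, because a `<` followed by a space is not a tag, and is then neutralised by output encoding; the two layers are complementary, which is why the hardened handler uses both.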
