Test cases for string inputs

Question

What are all test cases (and test test case brainstorming questions) related to string inputs?

Individual answers may contain questions specific to certain domains (eg email address) but should probably point to a separate wiki-question.

Please add your answer BOTH to the question and to the list of answers so that individual items may be voted upon.

Some answers:

• Blank/null string
• Whitespace only
• All ASCII/ANSI characters 0-255
• Very long strings (suggest using perlclip to generate a counterstring, eg 2*4*6*8*11*14*17*20*
• Only one character
• Unicode characters
• SQL injection
• Cross-site scripting, Cross-site request forgery
• ReDos

Related SO Questions:

• Other test catalogs

Answer 1

ReDos vulnerabilities if a Regular Expression is used

http://msdn.microsoft.com/en-us/magazine/ff646973.aspx

Answer 2

• localization concerns regarding number formats (decimals / commas)
• behavior sensitivity of special characters (for example supporting single quotes, but still being capable of parsing a name like Jim O'malley)
• escape character, and ending a string with the escape character - for example if your escape character is ^, and the user inputs something like See above^
• new lines in a string intended as single-line.

the list is endless though because it really depends on how you intend to use the string, and where it came from.