A webform is a set of fields, lists, and check-boxes that, when completed and submitted, could give a user access to a certain website functionality or would allow them to perform certain operations. It might also provide them with the opportunity to leave personal information.
Forms are an integral part of the Internet experience. From feedback to order forms, businesses use them to engage with their customers. Using online forms, businesses can collect valuable data about their products and services, improve on current offerings, or even provide information on new offerings before they are available to the public. Forms are also used for social networking sites like Facebook or blogging sites.
Be aware that form fields can be implemented with errors, and such a mistake could lead to users gaining access to the database. Text fields are the cause of many vulnerabilities in web apps. They are often overlooked or incorrectly implemented, so they can be manipulated or accessed by malicious users. Wherever user input gets through without validation, tests should check whether it leads to a vulnerability. Incorrect user input can also cause erratic behavior, including failed transactions and crashes that expose bugs in the software.
There are many ways to check input field performance. You can do it manually, one field at a time, or you can use automated software to do the work for you.
In form testing, careful attention should be paid to a few important tips:
Checking short explanatory texts
These tips guide users through the process of filling out their information. They ensure that the information submitted matches what is on their credit card or other identification documents. It's important to make sure that users know what information is required on the form, what format it should be in, and why they must provide it.
Error messages
When users enter data, they should know when they have made a mistake. It's not enough to let the user know when there are errors. You must make sure that the data is not reset after the form is validated. This way, if the user runs into an error, they can be sure their data won't change. If the form resets the data when checking for errors, there's a high probability that the user will not re-fill out the form. It's also important to remember the key features of error messages: they should be simple, clear, and brief.
Error messages should be polite
Error messages should be tactful, concise, and not contain disapproval. Not only should the user be notified about their data errors, but they should also be alerted to fields that are formatted correctly. Particularly important fields should not only display error messages; they should also provide helpful tips. This could even come in the form of a link to another resource you have for that field.
Extreme attention to detail
User input should be made as easy as possible, especially when it comes to inputting dates, phone numbers, emails, and anything else that could cause trouble. If a user enters a specific date, they should be allowed to enter it in any way they want, whether it's the month first or day first.
Testing without specifications
Imagine that we have to check a text field, but the project specifications don’t have any information about it. In this case, we can test the following cases:
● Fill in all the fields with correct information and then press the Submit button. This is a typical positive test case: it submits the form with valid data in its fields. It is also the main rule for testing a newly implemented web form: test positive scenarios first, to make sure the form works correctly at least for the valid data it expects.
● Do not fill in the required fields (marked with an asterisk) and then press the Submit button. Make sure there is a blank field warning.
● Enter spaces in all fields marked as required and then press the Submit button.
● Insert spaces before and after the main text in all text boxes.
● Fill out the form to see how many characters you can enter.
● Type a minus sign and then enter as many numbers as you can. When you're done, press the Submit button.
● Put all the special symbols in and click Submit.
● Fill in the rest of the required fields, then enter different data in the ‘Password’ and ‘Repeat password’ fields.
● Try to enter symbols that do not match ASCII. A few examples would be the different emoji icons.
● Check that, after authorization, your customers are not logged out if they click the back button in their browser.
● Check that the login field distinguishes between lowercase and uppercase.
● Enter this script: <script>alert('I hacked this!')</script>. If there's a pop-up after submitting, it means that the field is vulnerable to a cross-site scripting attack.
● Check whether SQL injections are possible. Enter the code FOO’); DROP TABLE USERS. But please don’t do this on a live production database :)
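The checklist above can be run against a server-side handler. The following is an added example, not code from the original article: it assumes a hypothetical "comment" field with a 50-character limit, a parameterized SQLite insert, and HTML escaping on output, and it shows what a correctly implemented field should do with each input.

```python
import html
import sqlite3

MAX_LEN = 50  # assumed limit; the article does not give one

def validate_comment(raw):
    """Return (cleaned_value, error); error is None when the input is accepted."""
    value = raw.strip()                 # leading/trailing spaces are not data
    if not value:                       # empty, or spaces only
        return None, "This field is required."
    if len(value) > MAX_LEN:
        return None, f"Enter at most {MAX_LEN} characters."
    return value, None

def save_comment(conn, text):
    # Parameterized query: the input is bound as data, never spliced into SQL.
    conn.execute("INSERT INTO users(comment) VALUES (?)", (text,))

def render_comment(text):
    # Escape on output so stored markup is displayed as text, not executed.
    return f"<p>{html.escape(text)}</p>"

def run_checks():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(comment TEXT)")
    cases = {                           # constructed inputs, one per checklist item
        "valid": "Alice",
        "empty": "",
        "spaces_only": "    ",
        "padded": "  Bob  ",
        "too_long": "a" * (MAX_LEN + 1),
        "emoji": "Zoë 😀",
        "xss": "<script>alert('I hacked this!')</script>",
        "sqli": "FOO'); DROP TABLE USERS",
    }
    results = {}
    for label, raw in cases.items():
        value, error = validate_comment(raw)
        if error is None:
            save_comment(conn, value)
            results[label] = ("accepted", render_comment(value))
        else:
            results[label] = ("rejected", error)
    # The table must still exist and hold exactly the accepted rows.
    results["rows"] = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results

if __name__ == "__main__":
    for label, outcome in run_checks().items():
        print(label, outcome)
```

Both payloads are accepted as ordinary text here: the SQL string is stored as a row without touching the table, and the script tag is rendered as escaped text, so no pop-up appears.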
Testing based on documentation
Let’s imagine we have this information about text fields. We know what to enter in them and how many characters are allowed according to the project acceptance criteria.
● Enter the wrong value. For example, try to enter a word or date in a field where you should enter numbers.
● When the type of input is a number, try to enter a number with a decimal point.
● If the number field expects a number with a decimal, then try to enter a value that has a comma in it, or that begins with one.
● Enter more than the allowed maximum number of characters in the text fields.
● When testing a date field, it is essential to be as specific as possible. Try to enter the minimum and maximum dates, the dates 1 day before and 1 day over the maximum dates, and dates 100 years before and after the established technical limits.
● You can also try an irrational date.
● In a field that is expecting a phone number, check whether a non-conforming number is possible to enter.
For all of the checks listed above, make sure to find out which error messages are displayed and make sure they are all correct.
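When acceptance criteria exist, the documented checks can be written as a table of inputs with expected verdicts. The following is an added example, not code from the original article; the field names, date limits, formats, and error messages are all assumed for illustration.

```python
import re
from datetime import date, datetime, timedelta

# Assumed acceptance criteria (hypothetical; a real project supplies its own).
MIN_DATE, MAX_DATE = date(2000, 1, 1), date(2030, 12, 31)
RULES = {
    "quantity": (re.compile(r"[0-9]+"), "Enter a whole number."),
    "price": (re.compile(r"[0-9]+(\.[0-9]+)?"), "Enter a number such as 12.50."),
    "phone": (re.compile(r"\+?[0-9]{7,15}"), "Enter 7 to 15 digits, optional leading +."),
}

def validate(field, text):
    """Return None if accepted, otherwise the error message to display."""
    if field == "date":
        try:
            d = datetime.strptime(text, "%Y-%m-%d").date()
        except ValueError:      # wrong format, or a date that does not exist
            return "Enter a real date as YYYY-MM-DD."
        if not MIN_DATE <= d <= MAX_DATE:
            return f"Date must be between {MIN_DATE} and {MAX_DATE}."
        return None
    pattern, message = RULES[field]
    return None if pattern.fullmatch(text) else message

def date_boundary_cases():
    """Date inputs from the checklist, each with its expected verdict."""
    day = timedelta(days=1)
    return [
        (MIN_DATE, True), (MAX_DATE, True),
        (MIN_DATE - day, False), (MAX_DATE + day, False),
        (MIN_DATE.replace(year=MIN_DATE.year - 100), False),
        (MAX_DATE.replace(year=MAX_DATE.year + 100), False),
    ]

def run_documented_checks():
    """Return the (field, input) pairs whose verdict differs from the expectation."""
    cases = [("date", d.isoformat(), ok) for d, ok in date_boundary_cases()]
    cases += [  # constructed sample inputs
        ("date", "2023-02-30", False),      # irrational date
        ("quantity", "12", True), ("quantity", "12.5", False),
        ("quantity", "twelve", False),
        ("price", "12.5", True), ("price", "12,5", False), ("price", ",5", False),
        ("phone", "+4915112345678", True), ("phone", "555-CALL-NOW", False),
    ]
    return [(f, t) for f, t, ok in cases if (validate(f, t) is None) != ok]

if __name__ == "__main__":
    print(run_documented_checks() or "all checks behave as specified")
```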
During the full testing of a website, testing forms is crucial because it affects not only how attractive the software is to the user, but also how fast and efficiently your site's forms work.