Index: openacs-4/packages/acs-core-docs/www/xml/engineering-standards/auto-testing.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/engineering-standards/auto-testing.xml,v
diff -u -N
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/acs-core-docs/www/xml/engineering-standards/auto-testing.xml	21 Nov 2003 11:14:18 -0000	1.1.2.1
@@ -0,0 +1,74 @@
+<?xml version='1.0' ?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY % myvars SYSTEM "../variables.ent">
+%myvars;
+]>
+<sect1 id="automated-testing-best-practices">
+  <title>Automated Testing</title>
+
+<authorblurb>
+<para>By <ulink url="mailto:davis@xarg.net">Jeff Davis</ulink></para>
+</authorblurb>
+  
+  <para>Best practices in writing OpenACS automated tests</para>
+  <itemizedlist>
+    <listitem>
+      <formalpara>
+        <title>Special characters in Tcl</title>
+        <para>
+Try strings starting with a <computeroutput>-Bad</computeroutput> and strings containing <computeroutput>[BAD]</computeroutput>, <computeroutput>{</computeroutput>, <computeroutput>\077</computeroutput>, and <computeroutput>$Bad</computeroutput>.  For user input, <computeroutput>[BAD]</computeroutput> should never be evaluated, <computeroutput>\077</computeroutput> should not be turned into a <computeroutput>?</computeroutput> and <computeroutput>$Bad</computeroutput> should not be interpolated.  The <computeroutput>string -Bad [BAD] \077 { $Bad</computeroutput> should be valid user input, should pass through the system unaltered, and if it isn't that's a bug.
+</para>
+      </formalpara>
+    </listitem>
+    <listitem>
+      <formalpara>
+        <title>Quoting issues</title>
+        <para>Put some html in plain text fields and make sure the result is
+properly quoted anywhere it shows up (I use "&lt;b&gt;bold&lt;/b&gt;"
+usually).  Look out especially for quoting errors in the context bar
+and in round trips via an edit form. For fields that disallow html
+tags you can use <computeroutput>&amp;amp;</computeroutput> to check that the field is quoted
+properly.  If it is not displayed as <computeroutput>&amp;amp;</computeroutput> then the quoting for the field is incorrect. (It's not clear whether this
+should be considered an error but given that data for text fields can
+come from various sources if it's text it should be properly quoted
+and we should not rely on input validation to prevent XSS security
+holes.)</para>
+      </formalpara>
+    </listitem>
+    <listitem>
+      <formalpara>
+        <title>Whitespace input</title>
+        <para>Check that whitespace is not considered valid input for a field
+if it does not make sense.  For example, the subject of a forum post is
+used to construct a link and if it is " " it will have a link of
+<computeroutput>&lt;a href="..."&gt; &lt;/a&gt;</computeroutput> which would not be clickable if whitespace was allowed as a valid input.
+</para>
+      </formalpara>
+    </listitem>
+    <listitem>
+      <formalpara>
+        <title>Doubleclick</title>
+        <para>
+Make sure that if you submit a form, use the back button, and submit
+again that the behavior is reasonable (correct behavior depends on
+what the form is for, but a server error is not reasonable).
+</para>
+      </formalpara>
+    </listitem>
+    <listitem>
+      <formalpara>
+        <title>Duplicate names</title>
+        <para>
+Make sure that if a duplicate name is entered that there is a
+reasonable error rather than a server error.  Check for
+insert, move, copy, and rename.
+</para>
+      </formalpara>
+    </listitem>
+  </itemizedlist>
+
+
+<para><phrase role="cvstag">($Id: auto-testing.xml,v 1.1.2.1 2003/11/21 11:14:18 joela Exp $)</phrase></para>
+
+</sect1>