QA Exercise 5

Exercise · Bug Hunt (Profile Form & Validation)

QA · Hands-on
Fill out a profile form and save it. Find validation, security, and UX defects using STR → Expected vs Actual → Severity/Priority → Recommendation.
Intentionally buggy: weak email/phone checks, future/underage dates allowed, required fields not enforced, country/state mismatch, unescaped preview, random “success” despite errors.
Note: Preview renders HTML (on purpose) — try <b>bold</b>.
🎯 Instructions (Oral) · task flow
  1. Enter a name with spaces at the start/end, a weak email (e.g., a@b), and letters in the phone field.
  2. Set a future date of birth and then a child age (e.g., under 13).
  3. Select United States but leave state blank; then select Other and enter a US-style state.
  4. Click Preview and type <b>bold</b> in the bio — observe formatting.
  5. Click Save profile multiple times; note success even when errors are present.
  6. Present your spoken bug report: Title → Steps to Reproduce → Expected vs Actual → Severity/Priority → Recommendation.
📖 Vocabulary · definitions
  • input validation — rules that ensure user input meets format and business requirements.
  • client-side vs server-side — checks in the browser vs on the server (authoritative).
  • sanitization — removing or escaping unsafe characters before rendering or storing.
  • trimming — removing leading/trailing whitespace from input.
  • age gate — enforcing a minimum age requirement.
  • dependency validation — when one field’s validity depends on another (country ↔ region).
  • UX consistency — UI messages and states accurately reflect validation outcomes.
  • happy path — a simple scenario with valid inputs and no errors.
🧩 Collocations · natural pairings
  • enforce required fields / reject invalid formats
  • sanitize user input / escape HTML in previews
  • validate dependencies / block inconsistent combinations
  • trim whitespace / normalize case
  • surface clear error messages / prevent false positives
🗣️ Idioms & Phrasal Verbs · natural speech
  • slip through — get accepted when it shouldn’t: “Weak emails slip through.”
  • paper over — hide a problem without fixing it: “Random success papers over errors.”
  • lock down — secure or restrict: “We need to lock down the preview rendering.”
  • line up with — match: “Errors don’t line up with field states.”
  • edge case — unusual inputs revealing bugs: “Future DOB is an edge case not handled.”
🎤 Model Answer (spoken style) · example

Bug title: Profile form accepts invalid inputs and shows success despite errors; preview renders unescaped HTML.

Steps to reproduce: Enter “  Jane  ” as name, a@b as email, letters for phone, a future DOB, choose “United States” with empty state, type <b>bold</b> in bio, then click Save profile repeatedly.

Expected result: Trimmed name; strong email/phone checks; DOB cannot be in the future and must pass minimum age; country/state must be consistent; preview escapes HTML; save blocked until errors are fixed.

Actual result: Weak email/phone are accepted; future/underage DOB allowed; country/state mismatch not flagged; preview renders HTML; app sometimes shows “Saved” at random even with visible errors.

Severity / Priority: Major severity, P0/P1 — validation and security concerns can impact data quality and user trust.

Recommendation: Add strict client & server validation (trim, regex/email library, digits-only phone rules), enforce age gate and country↔region dependency, escape/sanitize preview output, and make save logic deterministic based on validation state.
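The checks named in the recommendation, as an added example that is not part of the original exercise or the form's own code. Field names, the minimum age of 13, the 7-15 digit phone rule and the truncated state list are assumptions for illustration; the same function is meant to run on the server, where the result is authoritative.

```javascript
// Added example. Field names, MIN_AGE, the phone length range and the
// truncated US_STATES list are assumptions for illustration.
const MIN_AGE = 13;
const US_STATES = new Set(["CA", "NY", "TX"]); // sample only; use the full list in practice

// Escape HTML-significant characters so the bio preview shows markup as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Whole years between two Date objects, compared in UTC.
function ageInYears(dob, today) {
  const years = today.getUTCFullYear() - dob.getUTCFullYear();
  const beforeBirthday =
    today.getUTCMonth() < dob.getUTCMonth() ||
    (today.getUTCMonth() === dob.getUTCMonth() && today.getUTCDate() < dob.getUTCDate());
  return beforeBirthday ? years - 1 : years;
}

// Returns { ok, errors, cleaned, bioPreview }; ok depends only on errors.
function validateProfile(input, today = new Date()) {
  const errors = {};
  const name = String(input.name || "").trim();
  const email = String(input.email || "").trim().toLowerCase();
  const phone = String(input.phone || "").trim();
  const state = String(input.state || "").trim().toUpperCase();
  const dobText = String(input.dob || "");
  const dob = new Date(dobText + "T00:00:00Z");

  if (!name) errors.name = "Name is required";
  // Simple shape check (local@domain.tld); "a@b" fails because it has no dot.
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/.test(email)) errors.email = "Invalid email";
  if (!/^\d{7,15}$/.test(phone)) errors.phone = "Phone must be 7-15 digits";

  if (!/^\d{4}-\d{2}-\d{2}$/.test(dobText) || Number.isNaN(dob.getTime())) errors.dob = "Invalid date";
  else if (dob > today) errors.dob = "Date of birth is in the future";
  else if (ageInYears(dob, today) < MIN_AGE) errors.dob = "Below minimum age";

  // Country and state must agree in both directions.
  if (input.country === "US" && !US_STATES.has(state)) errors.state = "Valid US state required";
  if (input.country === "Other" && US_STATES.has(state)) errors.state = "US state with non-US country";

  const ok = Object.keys(errors).length === 0;
  const cleaned = ok ? { name, email, phone, dob: dobText, country: input.country, state } : null;
  return { ok, errors, cleaned, bioPreview: escapeHtml(input.bio || "") };
}
```

Because `ok` is derived only from `errors`, repeated Save clicks with the same input always give the same outcome, and the preview shows `<b>bold</b>` as literal text.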