First off, kudos to taking the initiative and time to do proper testing
On all the projects I do, I try to test as many scenarios as I can, however, I realize I won't get them all when it comes to complicated regex or the like. So I go with what I feel is the most typical errors, a slew of random input, and a few edge cases that I could see others trying to enter. Beyond that, I just watch for issues, and when they arise, I add a test around those specific inputs.
Over time, it becomes rock solid (to the point, looking into the issue and adding a test is more expensive than what it is worth -- at that point, you are in a good position).
I think based on your description, you are set with what you have. You just need to release it, and monitor it.