summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorCHI Cheng <cloudream@gmail.com>2018-05-02 23:20:04 +1000
committerTim Graham <timograham@gmail.com>2018-05-02 09:35:26 -0400
commit482ba9246e1838378a7e320c247fa7338ca49b40 (patch)
treec676d1e9a5516ce413f8f59059e701392ce811d7 /docs/ref
parent30038300085b21fc1a8afe54a1c6e9eebbd6db47 (diff)
[2.0.x] Fixed #29375 -- Removed empty action attribute on HTML forms.
Backport of 4660ce5a6930e07899ed083801845ee4c44c09df from master
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/class-based-views/generic-editing.txt8
-rw-r--r--docs/ref/csrf.txt4
2 files changed, 6 insertions, 6 deletions
diff --git a/docs/ref/class-based-views/generic-editing.txt b/docs/ref/class-based-views/generic-editing.txt
index 65cd772536..b4bf7e9480 100644
--- a/docs/ref/class-based-views/generic-editing.txt
+++ b/docs/ref/class-based-views/generic-editing.txt
@@ -74,7 +74,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Send message" />
</form>
@@ -130,7 +130,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Save" />
</form>
@@ -187,7 +187,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Update" />
</form>
@@ -238,7 +238,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
<p>Are you sure you want to delete "{{ object }}"?</p>
<input type="submit" value="Confirm" />
</form>
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index dd5ea479ae..d79bfd9dd9 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -41,7 +41,7 @@ To take advantage of CSRF protection in your views, follow these steps:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
This should not be done for POST forms that target external URLs, since
that would cause the CSRF token to be leaked, leading to a vulnerability.
@@ -179,7 +179,7 @@ to ``{% csrf_token %}`` in the Django template language. For example:
.. code-block:: html+jinja
- <form action="" method="post">{{ csrf_input }}
+ <form method="post">{{ csrf_input }}
The decorator method
--------------------