summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorCHI Cheng <cloudream@gmail.com>2018-05-02 23:20:04 +1000
committerTim Graham <timograham@gmail.com>2018-05-02 09:20:04 -0400
commit4660ce5a6930e07899ed083801845ee4c44c09df (patch)
treefb30d82cab0e71391bf050c02bd95d35fd1ecc25 /docs
parentc02953ebbce805427a08985e674a3d4457ca1be8 (diff)
Fixed #29375 -- Removed empty action attribute on HTML forms.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/class-based-views/generic-editing.txt8
-rw-r--r--docs/ref/csrf.txt4
-rw-r--r--docs/topics/forms/formsets.txt6
-rw-r--r--docs/topics/forms/modelforms.txt8
4 files changed, 13 insertions, 13 deletions
diff --git a/docs/ref/class-based-views/generic-editing.txt b/docs/ref/class-based-views/generic-editing.txt
index 8c1fe0f758..969a033a31 100644
--- a/docs/ref/class-based-views/generic-editing.txt
+++ b/docs/ref/class-based-views/generic-editing.txt
@@ -74,7 +74,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Send message">
</form>
@@ -130,7 +130,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Save">
</form>
@@ -187,7 +187,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="Update">
</form>
@@ -238,7 +238,7 @@ editing content:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
<p>Are you sure you want to delete "{{ object }}"?</p>
<input type="submit" value="Confirm">
</form>
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index fdb373b002..2664a6270f 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -41,7 +41,7 @@ To take advantage of CSRF protection in your views, follow these steps:
.. code-block:: html+django
- <form action="" method="post">{% csrf_token %}
+ <form method="post">{% csrf_token %}
This should not be done for POST forms that target external URLs, since
that would cause the CSRF token to be leaked, leading to a vulnerability.
@@ -179,7 +179,7 @@ to ``{% csrf_token %}`` in the Django template language. For example:
.. code-block:: html+jinja
- <form action="" method="post">{{ csrf_input }}
+ <form method="post">{{ csrf_input }}
The decorator method
--------------------
diff --git a/docs/topics/forms/formsets.txt b/docs/topics/forms/formsets.txt
index cb07e7ad59..eb84da40eb 100644
--- a/docs/topics/forms/formsets.txt
+++ b/docs/topics/forms/formsets.txt
@@ -630,7 +630,7 @@ The ``manage_articles.html`` template might look like this:
.. code-block:: html+django
- <form method="post" action="">
+ <form method="post">
{{ formset.management_form }}
<table>
{% for form in formset %}
@@ -644,7 +644,7 @@ deal with the management form:
.. code-block:: html+django
- <form method="post" action="">
+ <form method="post">
<table>
{{ formset }}
</table>
@@ -662,7 +662,7 @@ If you manually render fields in the template, you can render
.. code-block:: html+django
- <form method="post" action="">
+ <form method="post">
{{ formset.management_form }}
{% for form in formset %}
<ul>
diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt
index ec7c7a0587..aa3c6855e2 100644
--- a/docs/topics/forms/modelforms.txt
+++ b/docs/topics/forms/modelforms.txt
@@ -1071,14 +1071,14 @@ There are three ways to render a formset in a Django template.
First, you can let the formset do most of the work::
- <form method="post" action="">
+ <form method="post">
{{ formset }}
</form>
Second, you can manually render the formset, but let the form deal with
itself::
- <form method="post" action="">
+ <form method="post">
{{ formset.management_form }}
{% for form in formset %}
{{ form }}
@@ -1091,7 +1091,7 @@ form as shown above. See the :ref:`management form documentation
Third, you can manually render each field::
- <form method="post" action="">
+ <form method="post">
{{ formset.management_form }}
{% for form in formset %}
{% for field in form %}
@@ -1104,7 +1104,7 @@ If you opt to use this third method and you don't iterate over the fields with
a ``{% for %}`` loop, you'll need to render the primary key field. For example,
if you were rendering the ``name`` and ``age`` fields of a model::
- <form method="post" action="">
+ <form method="post">
{{ formset.management_form }}
{% for form in formset %}
{{ form.id }}