diff options
| author | CHI Cheng <cloudream@gmail.com> | 2018-05-02 23:20:04 +1000 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-05-02 09:35:26 -0400 |
| commit | 482ba9246e1838378a7e320c247fa7338ca49b40 (patch) | |
| tree | c676d1e9a5516ce413f8f59059e701392ce811d7 /docs | |
| parent | 30038300085b21fc1a8afe54a1c6e9eebbd6db47 (diff) | |
[2.0.x] Fixed #29375 -- Removed empty action attribute on HTML forms.
Backport of 4660ce5a6930e07899ed083801845ee4c44c09df from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/class-based-views/generic-editing.txt | 8 | ||||
| -rw-r--r-- | docs/ref/csrf.txt | 4 | ||||
| -rw-r--r-- | docs/topics/forms/formsets.txt | 6 | ||||
| -rw-r--r-- | docs/topics/forms/modelforms.txt | 8 |
4 files changed, 13 insertions, 13 deletions
diff --git a/docs/ref/class-based-views/generic-editing.txt b/docs/ref/class-based-views/generic-editing.txt index 65cd772536..b4bf7e9480 100644 --- a/docs/ref/class-based-views/generic-editing.txt +++ b/docs/ref/class-based-views/generic-editing.txt @@ -74,7 +74,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Send message" /> </form> @@ -130,7 +130,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Save" /> </form> @@ -187,7 +187,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Update" /> </form> @@ -238,7 +238,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} <p>Are you sure you want to delete "{{ object }}"?</p> <input type="submit" value="Confirm" /> </form> diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index dd5ea479ae..d79bfd9dd9 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -41,7 +41,7 @@ To take advantage of CSRF protection in your views, follow these steps: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability. @@ -179,7 +179,7 @@ to ``{% csrf_token %}`` in the Django template language. For example: .. code-block:: html+jinja - <form action="" method="post">{{ csrf_input }} + <form method="post">{{ csrf_input }} The decorator method -------------------- diff --git a/docs/topics/forms/formsets.txt b/docs/topics/forms/formsets.txt index 08c0194e53..c7134b10de 100644 --- a/docs/topics/forms/formsets.txt +++ b/docs/topics/forms/formsets.txt @@ -630,7 +630,7 @@ The ``manage_articles.html`` template might look like this: .. code-block:: html+django - <form method="post" action=""> + <form method="post"> {{ formset.management_form }} <table> {% for form in formset %} @@ -644,7 +644,7 @@ deal with the management form: .. code-block:: html+django - <form method="post" action=""> + <form method="post"> <table> {{ formset }} </table> @@ -662,7 +662,7 @@ If you manually render fields in the template, you can render .. code-block:: html+django - <form method="post" action=""> + <form method="post"> {{ formset.management_form }} {% for form in formset %} <ul> diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt index a35f005877..71abff63ea 100644 --- a/docs/topics/forms/modelforms.txt +++ b/docs/topics/forms/modelforms.txt @@ -1064,14 +1064,14 @@ There are three ways to render a formset in a Django template. First, you can let the formset do most of the work:: - <form method="post" action=""> + <form method="post"> {{ formset }} </form> Second, you can manually render the formset, but let the form deal with itself:: - <form method="post" action=""> + <form method="post"> {{ formset.management_form }} {% for form in formset %} {{ form }} @@ -1084,7 +1084,7 @@ form as shown above. See the :ref:`management form documentation Third, you can manually render each field:: - <form method="post" action=""> + <form method="post"> {{ formset.management_form }} {% for form in formset %} {% for field in form %} @@ -1097,7 +1097,7 @@ If you opt to use this third method and you don't iterate over the fields with a ``{% for %}`` loop, you'll need to render the primary key field. For example, if you were rendering the ``name`` and ``age`` fields of a model:: - <form method="post" action=""> + <form method="post"> {{ formset.management_form }} {% for form in formset %} {{ form.id }} |
