diff options
| author | CHI Cheng <cloudream@gmail.com> | 2018-05-02 23:20:04 +1000 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-05-02 09:20:04 -0400 |
| commit | 4660ce5a6930e07899ed083801845ee4c44c09df (patch) | |
| tree | fb30d82cab0e71391bf050c02bd95d35fd1ecc25 /docs/ref | |
| parent | c02953ebbce805427a08985e674a3d4457ca1be8 (diff) | |
Fixed #29375 -- Removed empty action attribute on HTML forms.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/class-based-views/generic-editing.txt | 8 | ||||
| -rw-r--r-- | docs/ref/csrf.txt | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/docs/ref/class-based-views/generic-editing.txt b/docs/ref/class-based-views/generic-editing.txt index 8c1fe0f758..969a033a31 100644 --- a/docs/ref/class-based-views/generic-editing.txt +++ b/docs/ref/class-based-views/generic-editing.txt @@ -74,7 +74,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Send message"> </form> @@ -130,7 +130,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Save"> </form> @@ -187,7 +187,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Update"> </form> @@ -238,7 +238,7 @@ editing content: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} <p>Are you sure you want to delete "{{ object }}"?</p> <input type="submit" value="Confirm"> </form> diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index fdb373b002..2664a6270f 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -41,7 +41,7 @@ To take advantage of CSRF protection in your views, follow these steps: .. code-block:: html+django - <form action="" method="post">{% csrf_token %} + <form method="post">{% csrf_token %} This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability. @@ -179,7 +179,7 @@ to ``{% csrf_token %}`` in the Django template language. For example: .. code-block:: html+jinja - <form action="" method="post">{{ csrf_input }} + <form method="post">{{ csrf_input }} The decorator method -------------------- |