-rw-r--r-- | docs/ref/csrf.txt | 2 | ||||
-rw-r--r-- | tests/forms_tests/templates/forms_tests/article_form.html | 2 | ||||
-rw-r--r-- | tests/templates/form_view.html | 2 | ||||
-rw-r--r-- | tests/templates/login.html | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index 6410b9eef0..cb49d28d29 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -40,7 +40,7 @@ To take advantage of CSRF protection in your views, follow these steps:
 2. In any template that uses a POST form, use the :ttag:`csrf_token` tag inside the ``<form>`` element if the form is for an internal URL, e.g.::
- <form action="." method="post">{% csrf_token %}
+ <form action="" method="post">{% csrf_token %}
 This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.
diff --git a/tests/forms_tests/templates/forms_tests/article_form.html b/tests/forms_tests/templates/forms_tests/article_form.html
index de38466335..8ab7a85bb9 100644
--- a/tests/forms_tests/templates/forms_tests/article_form.html
+++ b/tests/forms_tests/templates/forms_tests/article_form.html
@@ -1,6 +1,6 @@
 <html> <body>
- <form method="post" action=".">{% csrf_token %}
+ <form method="post" action="">{% csrf_token %}
 {{ form.as_p }}<br> <input id="submit" type="submit"> </form>
diff --git a/tests/templates/form_view.html b/tests/templates/form_view.html
index a23fd0b657..1ef410fb71 100644
--- a/tests/templates/form_view.html
+++ b/tests/templates/form_view.html
@@ -2,7 +2,7 @@
 {% block title %}Submit data{% endblock %} {% block content %} <h1>{{ message }}</h1>
-<form method='post' action='.'>
+<form method="post" action="">
 {% if form.errors %} <p class='warning'>Please correct the errors below:</p> {% endif %}
diff --git a/tests/templates/login.html b/tests/templates/login.html
index 7f50df2ba1..0d301600a5 100644
--- a/tests/templates/login.html
+++ b/tests/templates/login.html
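Review bot: In tests/forms_tests/templates/forms_tests/article_form.html the new `action=""` is not conforming HTML: the HTML standard requires the `action` attribute, when present, to hold a non-empty URL, and validators report the empty value. Browsers treat an empty action as the document's own URL, so the submission target is what the commit intends. Dropping the attribute gives the same target and validates, `<form method="post">{% csrf_token %}`. The same applies to the form tags changed in tests/templates/form_view.html and tests/templates/login.html.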
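Review bot: The POST form opened in tests/templates/form_view.html has no `{% csrf_token %}` on or directly after the changed form tag, whereas article_form.html in this commit has one and the docs hunk tells template authors to put the tag inside every POST form for an internal URL. The form body continues outside the hunk, so the tag may appear further down. If it does not, I would add it on the changed line, `<form method="post" action="">{% csrf_token %}`, so the template follows the documented pattern and its POST is still accepted when CSRF checks are enforced. The form in tests/templates/login.html shows the same pattern in its visible lines.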
@@ -5,7 +5,7 @@
 <p>Your username and password didn't match. Please try again.</p> {% endif %}
-<form method="post" action=".">
+<form method="post" action="">
 <table> <tr><td><label for="id_username">Username:</label></td><td>{{ form.username }}</td></tr> <tr><td><label for="id_password">Password:</label></td><td>{{ form.password }}</td></tr> |
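Review bot: `action=""` on this credentials form in tests/templates/login.html posts to the page's full URL, query string included, whereas `action="."` resolved to the directory path and dropped it. Any parameters the login page was reached with are therefore sent again on the POST that carries the username and password; whether any test depends on that is not visible here. A short template comment above the form would record the intent, for example `{# empty action: POST back to the current URL, query string preserved #}`. The form continues outside the hunk.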