Hey guys,

I'm just wondering if it's safe to have form actions like this one:

<form action="" method="post">

And, what is more interesting, is it SEO friendly?

What I want is for the form to point to the same page, so I don't need to change the action, but maybe it's not SEO friendly or not so safe?

Thanks, Ignas

A: 

It is safe SEO-wise to have empty actions.

Tim Santeford
+1  A: 
  1. The action attribute value has no bearing on SEO.

  2. action="" is safe, much safer than, say, action="<?php echo $_SERVER['PHP_SELF'];?>", which is XSS prone because it can be exploited by appending JavaScript in the URL.

meder
Not to detract from what you're saying, but is $_SERVER['PHP_SELF'] really vulnerable to XSS attacks? I can't imagine any way to modify that other than direct access to the server (setting an environment variable)...
Mike Caron
meder
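Added example, not part of the original thread or any poster's code: the "before" and "after" of echoing PHP_SELF into a form action, next to the empty action from the question. It assumes the web server passes extra path segments after the script name through to PHP, in which case PHP_SELF contains them; the script name `/contact.php` and the sample value are constructed for illustration.

```php
<?php
// PHP_SELF is built from the request path, including any extra path
// segments after the script name, so it is request-controlled input.

function render_form_unsafe(string $phpSelf): string
{
    // Before: the raw value lands inside an HTML attribute.
    return '<form action="' . $phpSelf . '" method="post">';
}

function render_form_escaped(string $phpSelf): string
{
    // After: quotes and angle brackets become entities, so the value
    // cannot close the attribute or open a new tag.
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

function render_form_empty(): string
{
    // The form from the question: nothing request-derived is emitted.
    return '<form action="" method="post">';
}

function count_tags(string $html): int
{
    // Number of tag openings in the rendered markup.
    return substr_count($html, '<');
}

// Constructed sample: the value PHP_SELF could hold when a harmless
// marker is appended to the path of /contact.php.
$sample = '/contact.php/"><b>injected</b>';

foreach ([
    'unsafe'  => render_form_unsafe($sample),
    'escaped' => render_form_escaped($sample),
    'empty'   => render_form_empty(),
] as $label => $html) {
    // A correct rendering contains exactly one tag: the <form> itself.
    printf("%-8s tags=%d  %s\n", $label, count_tags($html), $html);
}
```

Only the unescaped variant reports more than one tag, because the quote in the path closed the action attribute early.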
A: 

It has nothing to do with SEO, and safety lies in what happens when you submit the form and how you defend against attacks such as cross-site scripting, SQL injection, and form spoofing.

Make sure to validate your forms both client side and server side if you are worried about security.

See:

Sarfraz
A: 

What content are you displaying, and does it change when the form is submitted? Crawlers will not post forms with method POST, so whatever content you display when the form is submitted is not indexed - and not SEO-friendly as you call it.

laust.rud
+3  A: 

I'm just wondering if it's safe to have form actions like this one:

Moderately. There are some browsers which don't like it, but they aren't commonly used.

And, what is more interesting, is it SEO friendly?

That isn't at all interesting. Search engines don't make POST requests, and rarely do GET requests based on forms, so it is completely irrelevant.

David Dorward
A: 

Thanks guys! You're a really fast community :)

So I'm leaving the empty actions and don't care about SEO. Yes, I read that some old browsers may refuse to work with empty actions, but I think this is not a big problem for a modern application. And about security, I'm using Django and applying the provided tools to secure the form submissions (filtering, custom rules, also CSRF tokens).

Thank you all!

Neoman