[wp-trac] [WordPress Trac] #58226: HTML attribute "action" on element "form": Must be non-empty.
WordPress Trac
noreply at wordpress.org
Sun Apr 30 08:44:41 UTC 2023
#58226: HTML attribute "action" on element "form": Must be non-empty.
------------------------------+-----------------------------
Reporter: Malae | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTML API | Version: 6.2
Severity: normal | Keywords: dev-feedback
Focuses: coding-standards |
------------------------------+-----------------------------
If checking HTML validation , it appears that the core file wp-login.php
line 331
<form id="language-switcher" action="" method="get">
throws a warning: Bad value "" for attribute "action" on element "form":
Must be non-empty.
However, it appears that this applies to HTML 4, but apparently in HTML 5
the use of action="" is not supported.
Checking further, I saw a statement that not including the action
attribute opens the page up to iframe clickjacking attacks,
If action="" is left in, I saw suggestions to use action="#", or
action="?".
Does this core file use the best valid, secure way to submit this form, or
does it need changing?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58226>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list