[2.0.x] Fixed #29375 -- Removed empty action attribute on HTML forms.

Backport of 4660ce5a69 from master

docs/ref/class-based-views/generic-editing.txt

@@ -74,7 +74,7 @@ editing content:
 
     .. code-block:: html+django
 
-        <form action="" method="post">{% csrf_token %}
+        <form method="post">{% csrf_token %}
             {{ form.as_p }}
             <input type="submit" value="Send message" />
         </form>
@@ -130,7 +130,7 @@ editing content:
 
     .. code-block:: html+django
 
-        <form action="" method="post">{% csrf_token %}
+        <form method="post">{% csrf_token %}
             {{ form.as_p }}
             <input type="submit" value="Save" />
         </form>
@@ -187,7 +187,7 @@ editing content:
 
     .. code-block:: html+django
 
-        <form action="" method="post">{% csrf_token %}
+        <form method="post">{% csrf_token %}
             {{ form.as_p }}
             <input type="submit" value="Update" />
         </form>
@@ -238,7 +238,7 @@ editing content:
 
     .. code-block:: html+django
 
-        <form action="" method="post">{% csrf_token %}
+        <form method="post">{% csrf_token %}
             <p>Are you sure you want to delete "{{ object }}"?</p>
             <input type="submit" value="Confirm" />
         </form>

docs/ref/csrf.txt

@@ -41,7 +41,7 @@ To take advantage of CSRF protection in your views, follow these steps:
 
    .. code-block:: html+django
 
-       <form action="" method="post">{% csrf_token %}
+       <form method="post">{% csrf_token %}
 
    This should not be done for POST forms that target external URLs, since
    that would cause the CSRF token to be leaked, leading to a vulnerability.
@@ -179,7 +179,7 @@ to ``{% csrf_token %}`` in the Django template language. For example:
 
 .. code-block:: html+jinja
 
-    <form action="" method="post">{{ csrf_input }}
+    <form method="post">{{ csrf_input }}
 
 The decorator method
 --------------------