1

I just wondering if it's safe to have form actions like this one:

form action="" method="post"

And what is more interesting is it SEO friendly?

What I want to do is that form points to the same page, so I don't need to change action, but maybe it's not SEO friendly or not so safe?

Thanks, Ignas

asked Jul 29, 2010 at 5:57
2
  • Hmmm...I don't see an action there. Commented Jul 29, 2010 at 5:58
  • When does SEO ever look at form actions? And yes, it's safe to do. Commented Jul 29, 2010 at 5:58

6 Answers 6

3

I just wondering if it's safe to have form actions like this one:

Moderately. There are some browsers which don't like it, but they aren't commonly used.

And what is more interesting is it SEO friendly?

That isn't at all interesting. Search engines don't make POST requests, and rarely do GET requests based on forms, so it is completely irrelevant.

answered Jul 29, 2010 at 6:00
Sign up to request clarification or add additional context in comments.

Comments

1

  1. The action attribute value has no bearing on SEO.

  2. action="" is safe, much safer than say action="<?php echo $_SERVER['PHP_SELF'];?>" which is XSS prone because it can be exploited by appending javascript in the url.

answered Jul 29, 2010 at 5:59

2 Comments

Not to detract from what you're saying, but is $_SERVER['PHP_SELF'] really vulnerable to XSS attacks? I can't imagine any way to modify that other than direct access to the server (setting an environment variable)...
google.com/#hl=en&source=hp&q=PHP_SELF+XSS. SCRIPT_NAME I believe is preferred.
0

It is safe SEO wise to have empty actions.

answered Jul 29, 2010 at 5:59

Comments

0

It has nothing to do with SEO and safety lies when you submit the form and how you do against attacks such as cross-site scripting, sql injection, form spoofing.

Make sure to validate your forms both client side and server side if you are worried about security.

See:

answered Jul 29, 2010 at 5:59

Comments

0

What content are you displaying, and does it change when the form is submitted? Crawlers will not post forms with method POST, so whatever content you display when the form is submitted is not indexed - and not SEO-friendly as you call it.

answered Jul 29, 2010 at 6:00

Comments

0

Thanks guys! You're really fast community :)

So I'm leaving the empty actions and don't care about SEO. Yes I read that some old browsers may refuse to work with empty actions, but I think this is not a big problem for the modern application. And about security, I'm using Django and applying provided tools to secure the form submissions (filtering, custom rules, also CSRF tokens).

Thank you all!

answered Jul 29, 2010 at 6:05

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.