Completed
Last Updated: 21 Oct 2025 09:52 by ADMIN
Release 2025 Q4 (Nov)
rumen jekov
Created on: 20 Oct 2025 13:58
Category: Editor
Type: Bug Report
Script execution occurs when switching between modes despite StripDomEventAttributes being enabled

When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.

Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.

Reproduction steps:

Add a RadEditor with the default filters:

<telerik:RadEditor runat="server" ID="RadEditor1"
    ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>


  1. Load the page.
  2. Switch the editor to HTML mode.
  3. Paste any of the following samples (listed below).
  4. Switch to Design view.
  5. Watch for the alerts.
<svg/onload=alert(1)><svg>
<svg
onload=alert(1)><svg> # newline char
<svg	onload=alert(1)><svg> # tab char
<svg\fonload=alert(1)><svg> # form feed char (0x0C) between "svg" and "onload", written here as \f because the character is invisible


1 comment
ADMIN
Rumen
Posted on: 21 Oct 2025 09:52

The issue has been fixed internally, and the fix will be included in the 2025 Q4 release, scheduled for November.

Note: Ensure that the StripDomEventAttributes filter is enabled (ContentFilters="DefaultFilters,StripDomEventAttributes") when testing the solution after upgrading to the 2025 Q4 release.