Test Environment:
OS: Windows_11
Actual Behavior:
Focus moves on non-interactive controls.
Expected Behavior:
Focus shouldn't go to the non-interactive element in table content.
Test Environment:
OS: Windows_11
URL: https://demos.telerik.com/aspnet-ajax/calendar/overview/defaultcs.aspx
Tool: Accessibility Insight for web.
Repro Steps:
1. Open URL: https://demos.telerik.com/aspnet-ajax/calendar/overview/defaultcs.aspx page in Edge Browser.
2. Navigate to calendar under overview Section by using tab key.
3. Run Accessibility Insight tool.
4. Verify the bug.
Actual Behavior:
The contrast between foreground and background colors doesn't meet WCAG 2 AA contrast ratio thresholds.
Expected Behavior:
Ensures the contrast between foreground and background colors meets WCAG 2 AA contrast ratio thresholds.
TEST ENVIRONMENT
OS: Windows_11
Screen Reader: NVDA (2021.3)
REPRO STEPS:
1. Open URL Telerik Web UI Grid Overview Demo | Telerik UI for ASP.NET AJAX page in edge browser and turn on NVDA.
2. Navigate to next/previous controls in browse mode on the overview page.
3. Observe the issue.
ACTUAL RESULTS:
In browse mode, name property is not announced by the screen reader for next/previous buttons.
EXPECTED RESULT:
In browse mode, Screen reader should announce a name property 'First, Next, Previous and Last page' for the controls.
Environment (OS, Application, Versions)
Screen Reader: NVDA 2022.1
Repro-Steps:
I am reaching out in regards of an update we need to resolve a vulnerability in our system. I am not aware if my company has a license already but I was informed that we could get the hotfix by opening a ticket. Please let me know if there is another method to get the hotfix.
Contact email: xxxxx <- updated by Telerik admin
Response we got from TELERIK:
If you don't have an active license, you can reach out to Telerik support by opening a General Feedback ticket.
I suggest to allow developers to customize the GridColumnGroup header.
Custom column group headers should be a built-in feature of the RadGrid.
Looks like it is a typo in the Telerik code. When I use skin web20 on the page and RadNotification I get an exception:
An error occurred processing a web or script resource request. The requested resource 'pTelerik.Web.UI.Skins|Telerik.Web.UI.Skins.Web20Lite.Notification.Web20.css' does not exist or there was a problem loading it.
Note, there is "p" before Telerik namespace.
The R2 2021 update causes all controls in Classic RenderMode to change their layout and size due to different font-size, font-family and line-height.
Fixing this change is planned for the upcoming Service Pack.
In the meantime, you can use the styles in the attachment. Due to the fact that the selectors are the same as the ones in the built-in skin, you need to load them either in the beginning of the <body> or using RadStylesheetManager. If you are using the StylesheetManager, ensure you set a big OrderIndex for the entry:
<telerik:RadStyleSheetManager runat="server" >
<StyleSheets>
<telerik:StyleSheetReference Path="fixes.css" OrderIndex="99999" />
</StyleSheets>
</telerik:RadStyleSheetManager>
Loading the styles in the <head> tag's markup would not work as the Telerik stylesheets are added programmatically at the end of the <head> tag, meaning it will override the preceding files that have the same selector.
The attachment contains a file for each skin and inside it, it has all styles grouped by control. That means you can load only the file for the skin you are using and optionally remove the styles for controls that you are not using. Keep in mind that some more complex controls (e.g. Grid, Editor, DropDownTree, etc.) contain other Telerik controls as child controls, so you would need to keep the styles for the child controls also.
Please excuse us for the inconvenience caused and thank you for your understanding.
ADA Compliance Issue - ComboBox, DropDownList, DatePicker, DateTimePicker and TimePicker Buttons must have discernible text
The problem is described in this code library
The repro markup can be found below
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <!-- Optional JavaScript -->
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
    <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</head>
<body>
    <form id="form1" runat="server">
        <asp:ScriptManager runat="server" />
        <telerik:RadAsyncUpload ID="RadAsyncUpload1" runat="server" Skin="Bootstrap" RenderMode="Lightweight"></telerik:RadAsyncUpload>
    </form>
</body>
</html>
Progress Telerik seems to be more focused on pursuing technology we’re not using, and there haven’t been major upgrades to the Windows Forms and ASP.NET controls that we use in our legacy apps.
The tools are great and we use them extensively, even in newer upgrades to our legacy apps.
But we haven’t seen a whole lot of improvements where we’d like to see them, so it’s not worth the maintenance cost.
On the Windows Forms side, we spend a lot of time navigating through the multi-layer structures of the tools, a set-wide consistent change that was implemented over 5 years ago. It’s good for consistency, but makes certain properties and events unintuitive. (E.g., “Why won’t this drop down list work handle the ENTER key being pressed?” “Well, that’s actually the enter event in the embedded control.”)
Our biggest usage on Windows Forms tools are RadButton, RadPageView, RadToggleButton, RadTextBox, and RadSpinEditor – and THAT’S IT.
And they are fairly stable and unchanged in the Progress Telerik line.
On the ASP.NET/AJAX side, it’s frustrating not to have things like cascading drop boxes without getting into a whole lot of Javascript and AJAX coding… which sort of defeats the point of buying a product that proposes to do all that for you. That’s been the only thing we hoped to see updated, some kind of way to preload multiple combos and have it auto-filter based on linked selections, and it never happened.
Our biggest usage on ASP.NET/AJAX tools are RadComboBox, RadDatePicker, RadEditor and RadSpell – and THAT’S IT.
These are also fairly stable and have been mostly unchanged in the Progress Telerik line.
Progress Telerik is rightfully focused on more emerging technologies – we don’t fault the company for that – but most of our work is legacy software we built 10-20 years ago and still maintain, or new clients wanting similar products (so it makes financial sense to use the legacy platform as a basis). If we had an unlimited budget and R&D time, we’d LOVE to explore all the newer technologies and platforms… but it’s just not compatible with our business model (which serves small and mid-range companies with VERY tight budgets).
That makes it hard to justify the thousand or multi-hundred dollar maintenance fee to get periodic patches, when the existing versions are stable and working just fine for us.
It seems like Progress Telerik almost treats these tools as legacy products, and that it’s really not focused on them as much. (Again, we understand, that makes sense.)
Greetings!
Description:
I have found a Cross-Site Scripting issue in the rich text editor, RadEditor. This is not in a body where user provides certain strings, rather it's in the text properties which get sent along with the user input, such as font-style. The developers were able to follow the filtering mechanisms given at https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/managing-content/prevent-cross-site-scripting-(xss), but it provides protection for the inputs given in <textarea>, and for the properties values. Hence XSS is still possible.
Steps for Reproduction:
1. Open up the text editor {{Screenshot 2020-09-23 at 12.08.51 PM.png}}
2. Input a string and change its font style.
3. Click on submit and intercept the request. {{Screenshot 2020-09-23 at 12.14.45 PM.png}}
4. Now we need to modify the request body for parameter of texteditor's ID. You may notice that the font-style is set and sent by using a <span>.
RadEditor1=%253cspan%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e
Change parameter 'RadEditor1's value with the following:
RadEditor1=%253cspan%20onmouseover%253d%2522document.body.innerHTML%253d%2527ioioioioioioioioo%2527%252bdocument.cookie%2522%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e
5. Submit and notice the 200 OK response. Now go to the text editor and notice that the string texttexttext can be seen. {{Screenshot 2020-09-23 at 12.24.18 PM.png}}
6. Put a mouse cursor on the string and notice that it gets changed to ioioioioioioioioo<domainCookies>.
##################
Please let me know if given information doesn't suffice the abilities for reproduction.
Thanks,
Dhiraj
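Added example, not part of the original report or of Telerik's code: a server-side audit for the case the report describes, where the posted editor value is percent-encoded twice and the unexpected attribute sits on the formatting <span> rather than in the text. The allow-lists and function names are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Field values copied from the two request bodies quoted in the report.
ORIGINAL = ("%253cspan%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif"
            "%2527%253b%2522%253etextexttext%253c%2Fspan%253e")
TAMPERED = ("%253cspan%20onmouseover%253d%2522document.body.innerHTML%253d"
            "%2527ioioioioioioioioo%2527%252bdocument.cookie%2522%20style%253d%2522"
            "font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253e"
            "textexttext%253c%2Fspan%253e")
# Assumed policy: only the tags, attributes and CSS the formatting toolbar needs.
ALLOWED_ATTRS = {"span": {"style"}, "p": {"style"}, "strong": set(), "em": set(), "br": set()}
ALLOWED_CSS = {"font-family", "font-size", "font-style", "font-weight", "color"}

def fully_decode(value, max_rounds=5):
    # Percent-decode until the value stops changing; the posted value is encoded twice.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def style_ok(style):
    # Every declaration must use an allowed property and contain no CSS function call.
    for decl in filter(None, (d.strip() for d in style.split(";"))):
        prop, _, val = decl.partition(":")
        if prop.strip().lower() not in ALLOWED_CSS or "(" in val:
            return False
    return True

class AttributeAudit(HTMLParser):
    # Collects (tag, attribute) pairs that fall outside the allow-list.
    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_ATTRS:
            self.violations.append((tag, None))
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS[tag]:
                self.violations.append((tag, name))
            elif name == "style" and not style_ok(value or ""):
                self.violations.append((tag, "style"))

def audit(posted_value):
    parser = AttributeAudit()
    parser.feed(fully_decode(posted_value))
    parser.close()
    return parser.violations
```

A non-empty result means the submission should be rejected or stripped before it is stored; the check has to run on the decoded value, since the raw field contains no literal angle brackets or quotes.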
Currently, the asp:Label and telerik:RadLabel are rendering the AssociatedControlID of the ComboBox as for="RadComboBox1" while it should be for="RadComboBox1_Input"
FROM ADMIN:
1) Use Sys.Application.Load event to fix all labels associated with RadComboBoxes:
<script type="text/javascript">
    // Point every label whose "for" targets a RadComboBox wrapper at the inner input element
    function fixLabelFor() {
        $telerik.$("label[for]").each(function () {
            var lbl = $telerik.$(this);
            if ($telerik.$("#" + lbl.attr("for")).hasClass("RadComboBox")) {
                lbl.attr("for", lbl.attr("for") + "_Input");
            }
        });
        // Sys.Application.remove_load(fixLabelFor);
    }
    Sys.Application.add_load(fixLabelFor);
</script>
<script>
    // Retarget the label referenced by the control's aria-describedby setting
    function OnClientLoad(sender, args) {
        var ariasettings = JSON.parse(sender._ariaSettings);
        if (ariasettings && ariasettings["aria-describedby"]) {
            var lbl = $get(ariasettings["aria-describedby"]);
            lbl.setAttribute("for", lbl.getAttribute("for") + "_Input");
        }
    }
</script>
Hello,
I have noticed the changes in your website, demos and documentation, but not all seems to work well on IE 11.
In the new interface of
the left menu disappears after more clicks (IE11)
However, in ASP.net AJAX demos, the new interface is not looking good on IE 11
For example, https://demos.telerik.com/aspnet-ajax/orgchart/examples/expandcollapse/defaultcs.aspx
The old interface was looking great, I had no problems at all, any control
I hope I will not have the same problems in my ASP.net application...