Please, please, please bring the new RadTaskBoard to ASP.NET AJAX!

I was just reviewing the RadTileList and trying to figure out how to do a Kanban board with your controls, and came across what you just released via the RadTaskBoard, and that would be absolutely perfect to have for ASP.NET AJAX.

Thank you!

Progress Telerik seems to be more focused on pursuing technology we’re not using, and There haven’t been major upgrades to the Windows Forms and ASP.NET controls that we use in our legacy apps.

The tools are great and we use them extensively, even in newer upgrades to our legacy apps.

But we haven’t seen a whole lot of improvements where we’d like to see them, so it’s not worth the maintenance cost.

On the Windows Forms side, we spend a lot of time navigating through the multi-layer structures of the tools, a set-wide consistent change that was implemented over 5 years ago.  It’s good for consistency, but makes certain properties and events unintuitive.  (E.g., “Why won’t this drop down list work handle the ENTER key being pressed?” “Well, that’s actually the enter event in the embedded control.”)

Our biggest usage on Windows Forms tools are RadButton, RadPageView, RadToggleButton, RadTextBox, and RadSpinEditor – and THAT’S IT.

And they are fairly stable and unchanged in the Progress Telerik line.

On the ASP.NET/AJAX side, it’s frustrating not to have things like cascading drop boxes without getting into a whole lot of Javascript and AJAX coding… which sort of defeats the point of buying a product that proposes to do all that for you. That’s been the only thing we hoped to see updated, some kind of way to preload multiple combos and have it auto-filter based on linked selections, and it never happened.

Our biggest usage on ASP.NET/AJAX tools are RadComboBox, RadDatePicker, RadEditor and RadSpell – and THAT’S IT.

These are also fairly stable and have been mostly unchanged in the Progress Telerik line.

Progress Telerik is rightfully focused on more emerging technologies – we don’t fault the company for that – but most of our work is legacy software we built 10-20 years ago and still maintain, or new clients wanting similar products (so it makes financial sense to use the legacy platform as a basis).  If we had an unlimited budget and R&D time, we’d LOVE to explore all the newer technologies and platforms… but it’s just not compatible with our business model (which serves small and mid-range companies with VERY tight budgets).

That makes it hard to justify the thousand or multi-hundred dollar maintenance fee to get periodic patches, when the existing versions are stable and working just fine for us.

If seems like Progress Telerik almost treats these tools as legacy products, and that it’s really not focused on them as much. (Again, we understand, that makes sense.)

Greetings!

Description:

I have found a Cross-Site Scripting issue in the rich text editor, RadEditor. This is not in a body where user provides certain strings, rather it's in the text properties which gets sent along with the user input, such as font-style. The developers were able to follow the filtering mechanisms given in at https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/managing-content/prevent-cross-site-scripting-(xss), but it provides protection for the inputs given in <textarea>, and for the properties values. Hence XSS is still possible

Steps for Reproduction:

1. Open up the text editor {{Screenshot 2020-09-23 at 12.08.51 PM.png}}

2. Input a string and change its font style.

3. Click on submit and intercept the request. {{Screenshot 2020-09-23 at 12.14.45 PM.png}}

4. Now we need to modify the request body for parameter of texteditor's ID. You may notice that the font-style is set and sent by using a <span>.

RadEditor1=%253cspan%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e

Change parameter 'RadEditor1's value with the following:

RadEditor1=%253cspan%20onmouseover%253d%2522document.body.innerHTML%253d%2527ioioioioioioioioo%2527%252bdocument.cookie%2522%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e

5. Submit and notice the 200 OK response. Now go to the text editor and notice that the string texttexttext can be seen. {{Screenshot 2020-09-23 at 12.24.18 PM.png}}

6. Put a mouse cursor on the string and notice that it gets changed to ioioioioioioioioo<domainCookies>.

##################

Please let me know if given information doesn't suffice the abilities for reproduction.

Thanks,

Dhiraj

Currently, the asp:Label and telerik:RadLabel are rendering the AssociatedControlID of the ComboBox as for="RadComboBox1" while it should be for="RadComboBox1_Input"

FROM ADMIN:

<script type="text/javascript">
    function fixLabelFor() {
        $telerik.$("label[for]").each(function () {
            var lbl = $telerik.$(this)
            if ($telerik.$("#" + lbl.attr("for")).hasClass("RadComboBox")) {
                lbl.attr("for", lbl.attr("for") + "_Input");
            }
        })
        // Sys.Application.remove_load(fixLabelFor); 
    }
    Sys.Application.add_load(fixLabelFor);
</script>

<script>
    function OnClientLoad(sender, args) {
        var ariasettings = JSON.parse(sender._ariaSettings)
        if (ariasettings && ariasettings["aria-describedby"]) {
            var lbl = $get(ariasettings["aria-describedby"]);
            lbl.setAttribute("for", lbl.getAttribute("for") + "_Input")
        }
    }
</script>

 Hello,

I have noticed the changes in your website, demos and documentation, but not all seems to work well on IE 11.

In the new interface of

 https://docs.telerik.com/devtools/aspnet-ajax/introduction?_ga=2.16776693.2130593711.1599296842-392310183.1565849466

 the left menu dissapear after more clicks (IE11)

However, in ASP.net AJAX demos, the new interface is not looking good on IE 11

For example,  https://demos.telerik.com/aspnet-ajax/orgchart/examples/expandcollapse/defaultcs.aspx

The old interface was looking great, I had no problems at all, any control

I hope I will not have the same problems in my ASP.net application... 

I suggest update Device Screen Size for 

Telerik.Web.Device.Detection

using System;

namespace Telerik.Web.Device.Detection
{
    /// <summary>
    /// The device screen size based on the its dimensions in CSS pixels
    /// </summary>
    /// <remarks>
    ///The default ranges are:
    /// Small (to 600) CSS pixels
    /// Medium (601-1024) CSS pixels
    /// Large (1025 - 1366) CSS pixels
    /// ExtraLarge (over 1366) CSS pixels
    /// FullHD (over 1920) CSS pixels
    /// UHD4K = 5 // 3840
    /// UHD8K = 6 // 7680
    /// UHD10K = 7 // 10240
    /// </remarks>
    public enum DeviceScreenSize
    {
        Small = 0, // 0-600
        Medium = 1, // 601-1024
        Large = 2, // 1025 - 1366
        ExtraLarge = 3 // over 1366
        FullHD = 4 // 1920
        UHD4K = 5 // 3840
        UHD8K = 6 // 7680
        UHD10K = 7 // 10240

    }
}

Best,

Jeff

Hi,

Is it possible to exercise the NullText option for the control RadDatePicker for ASP.NET AJAX

Thanks

Gita

One tool that can help with testing for the contrast ratio is ANDI.

• https://www.ssa.gov/accessibility/andi/help/install.html

 Related to https://feedback.telerik.com/aspnet-ajax/1476937-glow-skin-vista-skin-and-overall-any-links-in-the-grid-are-showing-as-blue-not-matching-what-it-has-earlier

From Admin: Share in this thread the most impactful contrast issue here, sharing the control and its setup, the skin and the exact elements that are failing the contrast test.

Hi Team,

I'm using Telerik.Web.UI Version 2020.2.617

I have integrated it and added a reference in my web application, asked me to upgrade the version of Assemblies "System.Web.Extension.dll" and "System.Core.dll" has to be upgraded to version 4.0, I did that too, Now I'm getting an error while I'm running or doing build "The type or namespace name 'Script' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)", Assembly it is referring to "System.Web.Script.Services", same error is coming for other attributes like "ScriptMethod, ScriptMethodAttribute"

For the Key word "this" it is throwing as below error

It is throwing an error for "System.Linq.Expressions"

Can anyone help me out on this how to resolve these bugs.

Regards

P L P Kumar

Editor is not maintaining the Format of text, specifically the bullet numbers, when copied from MS word. 

You can use the attached content to reproduce the problem in the Overview demo of the control.

Hi Team,

I received this from Khurram,

One small suggestion is for your ASP.net AJAX library to include two themes outside the box i.e. Windows 10 Dark and Windows 10 Light theme.

We recently went to address a vulnerability finding in our application whereby a user could exploit a vulnerability in the Telerik.Web.UI version 2015.3.1111.45.  Unfortunately after applying the patched version of this assembly, when running the exploit by calling [site root]/Telerik.Web.UI.DialogHandler.aspx?DialogName=DocumentManager&renderMode=2&Skin=Default&Title=Document%20Manager&dpptn=&isRtl=false&dp={xxxxxxx}. The page returns a response of:

An error will occur when the Index equals the number of items in the collection

private static ClientOperation<T> Remove(ControlItemCollection items, int index)
{
	if (index < 0 || index > items.Count) // should be >= instead
		return null;
	var item = items[index];
	items.RemoveAt(index);

	var operation = new ClientOperation<T> {Item = (T) item, Type = ClientOperationType.Remove};

	return operation;
}

Twice this week, my Asp.net project would not compile because of a Telerik.Web.UI.dll link error. I run into this problem frequently, Telerik is very flakey. My last bug report was this compile problem with another Telerik file.

The solution to both compile problems is to clear the Properties/licenses.licx file. As least the second time, I knew right where to go without wasting time searching the web. A couple hours wasted on the first one on Monday.  I suppose I can expect to clear it Friday again when the compile fails on Telerik.

The Properties/licenses.licx is re-populating itself causing the compile to fail on this Telerik issue. Why have a licenses.licx if it always breaks the software? Your support says, clear the file - they know it causes endless problems.

There is no fix on my side for the this problem, Telerik must do something about the licenses.licx problem in an update.

I have these Telerik compiler warnings. The entire list is Telerik created, misleading and annoying.

We are looking for an option/rad control to have outlook or msg attachment. We have outlook emails with attachment within it. The attachment can vary from PDF, WORD, Outlook Message, Images, and more. The attachment also includes the signature or sensitive data. Currently, we are using a redemption library for an MSG attachment. We would like to know if Telerik offers a solution like redemption we can try. Redemption has a lot of issues. So we are looking for an alternative. Can you please provide an option for MSG attachment? 

Hi , 

Why is your combobox does not support BOTH multiple select AND LoadOnDemand ?

It would be so convenient to have .

I see a lot of questions like that, but all the answers explain why its not supported.

I tried all other recommendations ( like using RadAutoCompleteBox or searchbox ) , but it's not displaying any items in the drop down list ,so the user has to know what he is looking for, withuy having ability to select it from the list. 

PLEase let me know if you have ANY Telerik control which allows both features .

If you do not have , I would like to submit a feature request for that .

I really do not care what control it will be .

All i need is to be able to select from the list ( with option to select all ) , OR to start typing , and then it will prompt for a matches .

Thanks ,

Orit.

https://identity.telerik.com/v2/oauth/signin?ReturnUrl=...
http://docs.identityserver.io/en/latest/

Hi,It would be really handy to have an best practice identity provider UX 

There are  many ways to skin a cat, but it would be really handy to have a UI component much like you find in the ~/Account folder created by MS that all worked.
That had all the recovery logon by email working, having built in 2FA working.

The quick win would be to tell us how to write a 'Telerik Scenario' and where we can share them in Marketplace.telerik.com ?

Thanks

doug