Hi,

I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.

The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.

There is a problem in Safari on Mac while selecting Table cell properties via the context menu when a table cell is selected. Its Wrongly selected in the Table Wizard window.

Reproduction steps:

- Load the default demo in Safari Mac: http://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

- Right click over the third cell in the second column ("Los Gigantes is located...") and choose Cell Properties.

- The Preview of the Cell Properties in the Table Wizard will show that the first cell is selected but not the right one.

For a better description of the issue and reproduction steps, please view the ticket:

http://www.telerik.com/account/support-tickets/view-ticket?threadid=1010438

If a user clicks 'Ignore All' for a misspelled word, the focus moves to the next misspelled word after the last word included in the ignore all list.  This becomes problematic when editing a large quantity of text and the user's trying to go through things in order, but the focus moves to the very bottom of the content area.

In MS Word, it works as our users expect it would.  Once 'Ignore All' is chosen, the very next misspelled word is highlighted.

Inserting a new line after a link typically adds a new line and removes the copied link. 

However, this does not work when paragraph is about to be split. 

For the time being you can override the _nodeInsertedHandler method to resolve the bug as in this example:

<telerik:RadEditor runat="server" ID="RadEditor1">
     <Content>
         <p><a href="http://www.telerik.com" >link</a>text</p>
     </Content>
 </telerik:RadEditor>

 <script>
     Telerik.Web.UI.Editor.InsertParagraphCommand.prototype._nodeInsertedHandler = function (args) {
         var command = this,
             cursor = args.get_cursor(),
             container = args.get_container(),
             isEmptyContainer = command._isEmptyContainer(container, cursor),
             $E = Telerik.Web.UI.Editor,
             utils = $E.Utils;

         var parentAnchor = utils.getElementParentByTag(cursor, "A");

         if (command._isEmptyContainer(parentAnchor, cursor))
             command._removeNode(parentAnchor);

         if (isEmptyContainer) {
             if (command.get_editor().get_enableTrackChanges()) {
                 var tcUtils = $E.TrackChangesUtils,
                     parentTrackedInsert = tcUtils.getParentTrackChangesInsertNode(cursor, container),
                     parentTrackedDelete = tcUtils.getParentTrackChangesDeleteNode(cursor, container);
                 command._removeNode(parentTrackedInsert);
                 command._removeNode(parentTrackedDelete);
             }
         }
     };
 </script>

It is a common scenario users to start selecting text and accidental trigger mouseup event outside of the content area. Still, the focus is inside RadEditor and InlineEditCompleted event should not fire.

Possible workaround:

<telerik:RadEditor runat="server" ID="RadEditor1" EditType="Inline"
    OnClientLoad="OnClientLoad" OnClientInlineEditCompleted="OnClientInlineEditCompleted">
    <Content>
       some text
    </Content>
</telerik:RadEditor>

<script>
    function OnClientInlineEditCompleted(sender, args) {
        if (sender._editCompleted) {
            alert("Fired!");
        }
    }

    function OnClientLoad(sender, args) {
        $telerik.$(document).on("mouseup", function (e) {
            if (e.target === sender.get_contentArea() || e.target === sender.get_textArea()) {
                sender._editCompleted = true;
            }
        })

        $telerik.$(document).on("mousedown", function (e) {
            if (e.target === sender.get_contentArea() || e.target === sender.get_textArea()) {
                sender._editCompleted = false;
            } else {
                sender._editCompleted = true;
            }
        })
    }
</script>

Having more than one editor on the page, with EditType="Inline", and using dropdown tools causes the event to be raised for the incorrect editor.

Steps to reproduce in an editor with enabled track changes mechanism:

1. Insert a table
2. Insert a new line after it (paragraph)
3. Insert another table
4. Hit the Undo (or Ctrl+Z)
5. The second table is removed (as expected) but also the first table lost its track-changes formatting (which is unexpected).

When I want to clear a class in the RadEditor the class is cleared in the hyperlink manager, but not in the area in the footer of the RadEditor.

If 'clear class' is selected nothing happens.

When using Metro skin, if I click on a disabled button (Undo, Redo, Unlink and so on), its icon disappears until I click outside it.

https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx?skin=Metro

This does not happen with MetroTouch, Silk or Default skin. How do I replicate the same behavior with Metro skin?

In R3 2016 SP1 when a RadEditor with RenderMode=Classic is disposed and RadScriptManager is used, a JavaScript error is thrown:
IE:  Object doesn't support property or method 'dispose'
Chrome: Uncaught TypeError: this._contextMenuFunctionality.dispose is not a function

FIXED in R3 2016 SP2 (2016.3.1027)

There are three workarounds:
- Set EnableScriptCombine to false for the RadScriptManager (not applicable when CDN is used)
- OR set RenderMode=Lightweight for the RadEditor (you can do this in the web.config for all control instance in the web app if they do not define the Classic mode exiplicitly)
- OR add the following function override at the end of your page:

			<telerik:RadScriptManager ID="RadScriptManager1" runat="server" >
			</telerik:RadScriptManager>

			<%-- WORKAROUND 1: SET EnableScriptCombine="false" TO RADSCRIPTMANAGER--%>

			<asp:Button ID="Button1" Text="click to postback and break the editor" runat="server" />

			<telerik:RadEditor ID="txtInstructions" runat="server">
			</telerik:RadEditor>

			<%-- WORKAROUND 2: SET RenderMode="Lightweight" TO RADEDITOR--%>


			<%--WORKAROUND 3: ADD THE FOLLOWING SCRIPT TO THE END OF THE FORM--%>
			<script>

				Telerik.Web.UI.Editor.DefaultToolAdapter.prototype.dispose = function ()
				{
					delete this._fakeToolbarParentCreated;
					var toolbars = this._getToolBarElements();
					if (toolbars) {
						for (var i = 0; i < toolbars.length; i++) {
							$clearHandlers(toolbars[i]);
						}
					}
					this._tools = [];
					this._disposeToolbarModeHandlers();
					var wnd = this._toolbarHolder;
					if (wnd && wnd.dispose) wnd.dispose();
					var contextMenuFunctionality = this._contextMenuFunctionality;
					if (contextMenuFunctionality && contextMenuFunctionality.dispose) contextMenuFunctionality.dispose();
					Telerik.Web.UI.Editor.DefaultToolAdapter.callBaseMethod(this, "dispose");
				}
			</script>

1.       Visit the RadEditor demo at https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx (I used Google Chrome.)

2.       In the HTML view, replace the entire demo text with

This <strong>strange</strong> thing

3.       In the Design view, place the cursor at the very end of the line, and press Shift+Left repeatedly.

a.       At first it will highlight the final letter correctly.

b.      Then it will UNHIGHLIGHT the final letter!

c.       Then it will begin highlight more letters again starting from the letter BEFORE the final letter.

d.      Then, after highlighting the “e” in strange, it will being UNHIGHLIGHTING starting from the righthand side of the selection!

e.      Then it will highlight left as far as the “s”.

f.        Then it will start UNHIGHLIGHTING from the right again!

g.       Then highlighting the space to the left

h.      Then UNHIGHLIGHTING the space to the left!

i.         Then highlighting to the left as far as the beginning of the line

j.        Then UNHIGHLIGHTING from the right side of the selection!

Pressing Shift+Left and Shift+Right should always modify only one end of the selection, and the other end should always remain where the selection was started. This is how Windows Notepad and virtually all other applications behave.

Steps to reproduce the text highlighting issue:

1. Go to https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx
2. Delete the content and write a single line
3. Use the mouse to highlight a portion of text starting at the end (right side) of the text and dragging toward the beginning (left side).
4. Stop about halfway to the beginning of the text.
5. Now, while the text is still highlighted, press shift and left arrow to continue selecting. This will work for some time until the highlight gets near the beginning, then, the highlight will start moving from the right side.

Hello Team,

In Editor, proportional resize of image (by holding Shift and dragging) is not working unlike in Word.

Could you please suggestion for adding the same in Editor.

Thanks.

There are issues with the cursor location when clicking at the end (or to the right) of a line in bullet lists with multiple levels.

When clicking at the end of the line the cursor is unexpectedly placed at the beginning of the line instead of at the end.

This does not happen if you click on some of the actual text or hit the exact location of the last character of the line, but when you naturally click just to the right of the end of the line.

It seems that it does not happen on all levels, but only some, as I have tried to depict in the attached screenshot.

This behavior was replicated on the latest WebForms Editor demo at https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

Currently we are in the process of securing our web sites. we are experiencing issue on Xhtml Validator in RadEditor where it is not properly loading due to mixed content issue. There is no way to redirect to HTTPS instead of HTTP site.

We can reproduce this on Rad Editor Demo site by making site as HTTPS and click on XHTML Validator icon.

https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

Could you please add that feature?

When inserting video in Telerik Editor, radEditor by default inserts it using <embed>.
This element is not supported by Edge. Many modern browsers now support/recommend to use of the <video> tag.
So, that it will render video in most of Chromium browsers out there.

 

 

In order to support the described situation in your project you need to further implement a custom logic that transforms the img's src's value to base46. 

You can find attached an example which you can follow. 

Uncaught TypeError: Failed to execute 'createObjectURL' on 'URL': Overload resolution failed error is thrown when pasting an image or a chart image from MS Word in RadEditor in Chrome / MS Edge.

The problem can be reproduced in the live demos too: https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx. 

The error also prevents the execution of the OnClientPasteHtml event of the control.

 

RadEditor disappears after loading content through ajax manager and SelectedIndexChanged of a regular asp:dropdownlist and iframe content area mode (Safari Only)

Hi Team,

I would like to request the following image file extensions to be displayable using the RadEditor's ImageManager/DocumentManager.  

• abci
• avif
• heif
• heic
• webp

Thank you!