Dear support,

we've recently updated to the Telerik version 2025.4.1210.462 and are experiencing issues with the (relatively) new RadEditor filter EditorFilters.StripCssExpressions. In particular, setting the RadEditor.Content and rendering the RadEditor object drastically tanks performance in certain situations.

We're aware of the web.config setting to increase the Telerik.RegexMatchTimeout, but for a 79KiB content to be rendered basically instantaneously with the previously mentioned filter being explicitly disabled to take 23+ seconds to render if the filter is enabled is quite shocking to me.

Please find a simple sample page (including the content-value) attached.

We'd really like to use the new security features of the RadEditor, but given this performance impact, we'll be unable to ship this feature as-is.

(Off-topic: We're currently evaluating to re-enable the EditorFilters.StripJavaScriptUris which removed our base64-encoded images in the November release of Telerik, but got fixed with the December release.)

Thanks in advance for investigating this issue and I'll be awaiting your feedback.

Kind regards

Hi, 

We need to add an aria-label attribute to the RadEditor toolbar link buttons to match the title attribute text. I have been successful using JQuery on other controls to improve accessibility, but this one is not working. It appears because the link button is not rendered since is a pseudo element using the ::before. I have been unable to inject the attribute on page load. 

The issue is for screen readers the editor buttons are not announced when using the arrow key navigation which is called virtual mode. The buttons do announce when using the tab key which is called forms mode.

If this can be a bug fix it would benefit everyone, otherwise, if you have a code suggestions that is helpful. Image attached. 

Thank you.

The newly introduced StripJavaScriptUris security filter is incorrectly identifying and removing legitimate base64-encoded image data URIs (e.g., data:image/png;base64,...) from RadEditor content. The filter treats these safe image URIs as potential XSS threats and strips them along with dangerous JavaScript URIs.

1. In Design mode, select all text (Ctrl + A) and delete it.
2. Switch to HTML mode.
3. Switch back to Design mode.
4. Press Ctrl + Z (Undo).

• The first Ctrl + Z has no effect; the deleted text is restored only after pressing Ctrl + Z a second time.

Steps to Reproduce

1. Open a page containing RadEditor with some content in it
2. In Design mode, select all text (Ctrl+A)
3. Delete the selected text
4. Switch to HTML mode
5. Switch back to Design mode
6. Press Ctrl+Z (Undo) a couple of times.
   

Current Result

• A JavaScript error is thrown in the browser console
• The undo operation fails to restore the deleted content
• Error occurs in _updateBrowserRangeStart method when calling this.range.setStart(e, t)

Expected Result

• The undo operation should work without errors
• The previously deleted text should be restored
• No JavaScript errors should appear in the console

When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.

Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.

Reproduction steps:

Add a RadEditor with the default filters:

<telerik:RadEditor runat="server" ID="RadEditor1"
    ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>

1. Load the page.
2. Switch the editor to HTML mode.
3. Paste any of the following samples (look below)
4. Switch to Design view
5. Watch alerts

<svg/onload=alert(1)><svg>
<svg
onload=alert(1)><svg> # newline char
<svg	onload=alert(1)><svg> # tab char
<svgonload=alert(1)><svg> # new page char (0xc)

 

 

 

From the widget/page > select the middle bottom cell (notice it has no styling) > Table properties > Cell Properties > Select the middle bottom cell again > More Cell Styling > Border > Notice that the top row design is inherited > Is this expected? 

 video link:- https://jam.dev/c/1516e16f-1f7c-4e89-8b19-368edabf5703 

I have observed that when we're in the widget > selecting a cell from the table > clicking on Cell Properties > The top row design is not inherited. 

Following  the bug report Cell Properties - Preview only shows top-left cell styling when applying changes to multiple top-row cells > when we navigate the mouse up and down, in the background, we can see only the top left cell with the border we configured. (while initially we selected the top three) > But if now, in the preview page, we will choose the top three > OK >We will see the top three cells showing the design we configured. 

video link:- https://jam.dev/c/ba52bff1-7459-44d6-a647-d3eb5cea07f3. 

Table properties > Select cells (e.g the top three) > Border > Select the bottom > 6 PX > Purple > OK > The preview is not showing the changes we want to apply > the preview is showing only the top left cell

video link:- https://jam.dev/c/88c17904-c758-47ab-949c-d29b4775dc6d 

When we edit the widget > click on the table on a random cell > select Table Properties > The table wizard will always default to the top left cell > This is working as expected.
If you click in the table (not the editor) and select Cell Properties > the wizard will display (highlight) the cell you selected in the table is it expected that when selecting table properties it always default to the left side first box but when selecting cell properties it will show the current cell which we are in.

video link:- https://jam.dev/c/c1cdf56c-53ab-4218-8774-65907b3efd6d 

When loading RadEditor (Telerik UI for ASP.NET AJAX 2025 Q2) in Internet Explorer 10/11 or Edge in IE Compatibility Mode, the editor does not render and JavaScript errors occur immediately upon page load.

SCRIPT1002: Syntax error
SCRIPT5022: Sys.ArgumentUndefinedException: Value cannot be undefined. Parameter name: type

Hi,

We are using Material Theme in our application. We see the problem in Rad Editor's Ribbon. Some icons are overlapping the Text. In the demo, it seems to be same behavior.

Regards,
Jamil

In the demo:
https://demos.telerik.com/aspnet-ajax/editor/examples/trackchanges/defaultcs.aspx

 

1. (Preparation) Disable TrackChange and Remove all text. Enable Track Change back.

2. Insert table, (HTML View)

3. In the design mode set new paragraph after table:

 

Insertion of the table dissapeared.

How to fix this issue?

Hi 

I have a RadEditor control where some toolbar functionalities are not working.

After searching for a possible reason, I used the OnClientCommandExecuting client-side event and noticed that sometimes, instead of the args with its value, I found the item of a RadTreeList control present on the page.

I tried to reproduce the issue by inserting an Editor and a TreeList on a page. I write some text in the Editor and try to change the color or background. Not always (and I can't figure out when), but sometimes the args are incorrect.

For example, if I open a node of the tree, the error is almost certain after that.

I send you an image of my javascript debugger.

I don't know what I can do, do you have any ideas?

Thanks

Michela

Hi Telerik Team,

I have encountered a strange issue while working with RadEditor in Track Changes mode, specifically when editing tables. When deleting content inside a table cell, the entire cell behaves abnormally—either disappearing visually or causing layout disruptions. I have attached a screenshot to illustrate the issue.

Steps to Reproduce the Issue:

1. Enable Track Changes mode.
2. Insert a table with at least 3 columns and multiple rows.
3. Type some content into different cells.
4. Delete the content inside one of the table cells.
5. The cell appears to be deleted or behaves unexpectedly instead of just removing the text inside.

I am experiencing an issue in the Telerik Rad Editor where, after copying and pasting a long sentence in a single line, if I apply bold formatting to a word and place the cursor at the beginning of the bolded word, pressing Enter results in an empty line being inserted between the text. This behavior is reproducible on the Telerik webforms editor demo site as well.

I would appreciate any guidance on how to resolve this issue. Thanks in advance.

Steps to reproduce in an editor with enabled track changes mechanism:

1. Insert a table
2. Insert a new line after it (paragraph)
3. Insert another table
4. Hit the Undo (or Ctrl+Z)
5. The second table is removed (as expected) but also the first table lost its track-changes formatting (which is unexpected).

When I want to clear a class in the RadEditor the class is cleared in the hyperlink manager, but not in the area in the footer of the RadEditor.

If 'clear class' is selected nothing happens.

When using Metro skin, if I click on a disabled button (Undo, Redo, Unlink and so on), its icon disappears until I click outside it.

https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx?skin=Metro

This does not happen with MetroTouch, Silk or Default skin. How do I replicate the same behavior with Metro skin?

Hello Team,

In Editor, proportional resize of image (by holding Shift and dragging) is not working unlike in Word.

Could you please suggestion for adding the same in Editor.

Thanks.