Hi,

when using the StripCssExpressions Content Filter, it's working as expected in most cases, but when there's a linebreak inside of the style it breaks.

<telerik:RadEditor ContentFilters="RemoveScripts,StripCssExpressions,StripDomEventAttributes" />

<span style="width: expression((document.body.offsetWidth / 4 + 30) + 'px'); background-color: green;">text in a span</span>

<span style="width: 
expression((document.body.offsetWidth / 4 + 30) + 'px'); background-color: green;">text in a span</span>

The usage for the content filter is to prevent XSS attacks, and in our solution used besides several other means to avoid malicious code execution.

As expected, the filter not working is a security risk.

Does anyone have a good workaround available? (or is there a timeline on an official bugfix?)

Hi,

I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.

The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.

The table wizard dialog of RadEditor does not function properly when there is a table having more than 500 columns.

Video: http://somup.com/crXlln0eIi

As Bootstrap is the industry standard for website and app grids, a very powerfull addition for RadEditor would be a Bootstrap grid builder like this one:

https://www.youtube.com/watch?v=WQZ9zcf_ZRo

How cool would that be, building your Bootstrap parts in the Editor itself. Did anyone try this? Any hints on how one could build this functionality.

Let me know if we could collaborate to get something like this.

Thanks,

Marc

Rich Text Editor: Un-bolding html elements inside a bolded parent element creates extra html elements.

Process to recreate

1. Add html element inside a bolded html element (via snippet or in html tab), then un-bold inner html element only.

Example html element inside a bolded html element:

<p>

<strong>

Prior Authorization

<span>inner html element</span>

Interceptor

</strong>

</p>

2. Then un-bold the inner html element on the Design Tab.

Result

The resulting html in the html tab has extra html elements in both sections of surrounding still-bolded text.

<p>

<strong>Prior Authorization <span></span></strong>

<span>inner html element</span>

<strong><span></span> Interceptor</strong>

</p>

The contenteditable feature is not working as per the instructions from Editable and Non-Editable Areas

Reproduction

<telerik:RadEditor runat="server" ID="Casenote" EditModes="Design">
    <Content>
        <div style="border: red 1px solid;" contenteditable="false" unselectable="on">
            Non Editable AREA
            <div style="border: green 1px solid;" contenteditable="true" unselectable="off">
                <!--Content name="info" -->
                Editable REGION...
                <!--/Content -->
            </div>
            Non Editable AREA
        </div>
    </Content>
</telerik:RadEditor>

I found the Rad Editor track changes feature as useful control in telerik. As many software or finance companies have their operations going on, on each stage they would require to change their BRD, UD, Product Documents etc. to keep track of the change the editor is useful.

I would like to add some points for improvement, that we have costumized in our portal.

1) Listing of all the changes in left side of the editor (Added/ Deleted/ Replaced).

2) Can track text replacement also.

Given you have a table, where a row has multiple cells containing rowspans.

And there are also cells with no rowspan between them.

E.g. Starting HTML

<table>
    <tbody>
        <tr>
            <td rowspan="2">A1</td>
            <td>B1</td>
            <td rowspan="2">C1</td>
        </tr>
        <tr>
            <td>B2</td>
        </tr>
    </tbody>
</table>

When you delete the row (E.g. delete row 1 in the example above).

Then the cells in the resulting table are in the wrong columns.

E.g. Result HTML

<table>
    <tbody>
        <tr>
            <td>A1</td>
            <td>C1</td>
            <td>B2</td>
        </tr>
    </tbody>
</table>

Cells C1 and B2 are in the incorrect columns.

The desired outcome of deleting row 1 would be for all cells to remain in their original columns.

E.g. Desired Result HTML

<table>
    <tbody>
        <tr>
            <td>A1</td>
            <td>B2</td>
            <td>C1</td>
        </tr>
    </tbody>
</table>

Bug is reproducible in RadEditor demo using Starting HTML above (in various browsers).

Thank you,

Shane

When the RenderMode property is set to Lightweight, File manager dialogs still load with Classic render mode, even when the <add key="Telerik.Web.UI.RenderMode" value="Lightweight" /> is set globally in the web.config:

<telerik:radeditor RenderMode="Lightweight" runat="server" id="mainRadEditor" EditModes="Design" >
    <Tools>
        <telerik:EditorToolGroup>
            <telerik:EditorTool Name="ImageManager"/>
            <telerik:EditorTool Name="DocumentManager"/>
        </telerik:EditorToolGroup>
    </Tools>
</telerik:radeditor>

This is causing rendering problems and some of the icons do not load.

1. Extract the attached word file.

2. Open it and copy the table content.

3. Go to https://demos.telerik.com/aspnet-ajax/editor/examples/cleaningwordformatting/defaultcs.aspx and paste it without stripping the Word formatting - everything will be fine.

4. Paste it again with stripping the Word formatting - you will see the problem - there is a ticker border around many of the cells:

If you paste the content without stripping the formatting and after that strip it with the FormatStripper the ticker border will not appear.

Hello Telerik Team,

This is regarding The SpellCheck functionality in the Telerik Editor. Basically whenever a user activates the the SpellCheck from the "✓abc" button, the page automatically scrolls based on the position of the word. This does not give a good user experience and makes it difficult to work on the page. 

We have seen this issue in the demos you have on your site as well.

URL: https://demos.telerik.com/aspnet-ajax/editor/examples/spellchecker/defaultcs.aspx

To Replicate go to this URL and follow the process below: 

• Click on the "✓abc" button at the top left corner of the editor (1 In Image).
• Notice that the "Suggestion box" scroll the whole page. (2 In Image)
• Also, if you click on any other word (marked in YELLOW) in the editor, the same issue can be replicated. (3 In Image)

For your reference, we have attached a screenshot of the editor we have in our website.

Let us know if you require any further information to debug it.

Thank you,

Prateek Sanganeria

Images in a RadEditor can be resized two ways:

1. Using the image properties dialog and keying in width/height. The aspect ratio can be locked here so that keying in width updates height accordingly, and vice versa.

2. Clicking and dragging the resize handles. This does not maintain the aspect ratio of the image, even when the aspect ratio lock option is enabled in the image properties dialog.

Request: That the image aspect ratio lock option in the image properties dialog applies when dragging the resize handles.

When opening in MS Edge the Table Wizard, the items in Table Layouts tab, Select Table Style dropdown are not populated

WORKAROUND:

As a temporary workaround, you can use the attached script and loaded to the DialogsScriptFile property of the Editor:

• https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/server-side-programming/overview

<telerik:RadEditor runat="server" DialogsScriptFile="~/dialogscript.js"></telerik:RadEditor>

We are using CDN and combined scripts as much as possible, and have run into an issue with the RadEditor and applying custom CSS Classes break, e.g. the applied CSS class on the selected content gets stripped for example from 

.laystyle

to

.l

ConvertWordLists errors out when pasting bullets in a nested table inside another table from Word. 

Test with the attached word doc in the https://demos.telerik.com/aspnet-ajax/editor/examples/cleaningwordformatting/defaultcs.aspx demo and you'll get the following error: