Hi,

As per title and I also find out it able to reproduce in the demo site: https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

Step:

1. Change to 'HTML' mode.

2. Open 'Find And Replace' dialog.

3. Enter a word to find and hit the 'Find' button.

Notice that the word does not get highlighted. It only happens in 'HTML' mode, 'Design' mode working fine.

Please help as this feature is very useful in my project.

Thank you.

Steps to Reproduce

1. Open a page containing RadEditor with some content in it
2. In Design mode, select all text (Ctrl+A)
3. Delete the selected text
4. Switch to HTML mode
5. Switch back to Design mode
6. Press Ctrl+Z (Undo) a couple of times.
   

Current Result

• A JavaScript error is thrown in the browser console
• The undo operation fails to restore the deleted content
• Error occurs in _updateBrowserRangeStart method when calling this.range.setStart(e, t)

Expected Result

• The undo operation should work without errors
• The previously deleted text should be restored
• No JavaScript errors should appear in the console

Hi, 

We need to add an aria-label attribute to the RadEditor toolbar link buttons to match the title attribute text. I have been successful using JQuery on other controls to improve accessibility, but this one is not working. It appears because the link button is not rendered since is a pseudo element using the ::before. I have been unable to inject the attribute on page load. 

The issue is for screen readers the editor buttons are not announced when using the arrow key navigation which is called virtual mode. The buttons do announce when using the tab key which is called forms mode.

If this can be a bug fix it would benefit everyone, otherwise, if you have a code suggestions that is helpful. Image attached. 

Thank you.

The newly introduced StripJavaScriptUris security filter is incorrectly identifying and removing legitimate base64-encoded image data URIs (e.g., data:image/png;base64,...) from RadEditor content. The filter treats these safe image URIs as potential XSS threats and strips them along with dangerous JavaScript URIs.

Hi 

I have a RadEditor control where some toolbar functionalities are not working.

After searching for a possible reason, I used the OnClientCommandExecuting client-side event and noticed that sometimes, instead of the args with its value, I found the item of a RadTreeList control present on the page.

I tried to reproduce the issue by inserting an Editor and a TreeList on a page. I write some text in the Editor and try to change the color or background. Not always (and I can't figure out when), but sometimes the args are incorrect.

For example, if I open a node of the tree, the error is almost certain after that.

I send you an image of my javascript debugger.

I don't know what I can do, do you have any ideas?

Thanks

Michela

I have a RadEditor that is rendered in mobile mode on a mobile device emulator in Chrome browser.
For this editor, I have subscribed to OnClientCommandExecuted event. The event fires, but the problem is that it fires twice for ToggleScreenMode command.
To reproduce this issue, you can use the page code below and render it in Chrome mobile emulator; then press on edit pencil button followed by clicking the check button.

<%@ Page https://goo.gl/ddHuHyLanguage="C#" AutoEventWireup="true" %>
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Command event firing twice for ToggleScreenMode in Mobile Render Mode</title>
    <meta name="viewport" content="width=device-width,intial-scale=1.0, maximum-scale= 1.0,,user-scalable=no"/>
</head>
<body>
    <form id="form1" runat="server">
         <telerik:RadScriptManager ID="RadScriptManager1" runat="server">
            <Scripts>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js"></asp:ScriptReference>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js"></asp:ScriptReference>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js"></asp:ScriptReference>
            </Scripts>
        </telerik:RadScriptManager>
    <div>
    <telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
            </telerik:RadEditor>
    </div>
        <script>
            function CommandExecuted(sender, args) {
                if (args.get_commandName() === "ToggleScreenMode" && (typeof sender.isFullScreen() === "undefined" ||
                    sender.isFullScreen() === false)) {
                    alert("Command Executed Fired for ToggleScreenMode");
                }
            }
        </script>
    </form>
</body>
</html>

Workaround:
<telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
    <Content>dadas</Content>
</telerik:RadEditor>
<script>
    function CommandExecuted(editor, args) {
        if (args.get_commandName() == "ToggleScreenMode") {
            var goingIntoReadMode = $telerik.$(editor.get_element()).find(".reIcon.reIconEditContent").is(":visible");
 
            if (goingIntoReadMode == false) {
                editor.__modifiedContentAlready = false;
                //modify content for edit mode
                console.log("modify content for edit mode")
            }
            if (goingIntoReadMode == true && editor.__modifiedContentAlready == false) {
                //modify content for read mode
                console.log("modify content for read mode");
                editor.__modifiedContentAlready = true;
            }
        }
    }
</script>

1. In Design mode, select all text (Ctrl + A) and delete it.
2. Switch to HTML mode.
3. Switch back to Design mode.
4. Press Ctrl + Z (Undo).

• The first Ctrl + Z has no effect; the deleted text is restored only after pressing Ctrl + Z a second time.

Using the latest 2022.3.1109.45, our web application is catching "Invalid Resource Request" exceptions when the Windows7 or Vista (maybe others too) loads the "Editor" control in "Classic" mode.    By decoding the URL, the control is having problems locating the image below

WebResource.axd?d=ZHkUja8e5EF7zNoz8IiY_kAGH7MBQgCnq0BEYT2AtFLv57GDfGbEymwRG8H68WuiE_6l2fpZpqb_FzVc_OItknX-LMTzvQOwC0Mk8HaCtGvNzWl-5nNlZ6xpbOjNSk4A0QtPGtyV0UA-BWX4bOfPU8EI30eAVg8UO6p7yERiuEbCUoiZOGUevYGPdrNVvPel0&t=638034624000000000
Error Message: This is an invalid webresource request.

Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Vista.Editor.ToolbarVerticalSprites.gif

Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Windows7.Editor.ToolbarSprites.gif

Change the skin of the radeditor in the default.aspx to another skin such as "metro" and the problem will not happen.    It works OK at least on Black, Metro and Silk but haven't tested others, you can tell it doesn't work when the divider bars in the editor toolbar don't appear properly.

Hi,

I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.

The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.

When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.

Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.

Reproduction steps:

Add a RadEditor with the default filters:

<telerik:RadEditor runat="server" ID="RadEditor1"
    ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>

1. Load the page.
2. Switch the editor to HTML mode.
3. Paste any of the following samples (look below)
4. Switch to Design view
5. Watch alerts

<svg/onload=alert(1)><svg>
<svg
onload=alert(1)><svg> # newline char
<svg	onload=alert(1)><svg> # tab char
<svgonload=alert(1)><svg> # new page char (0xc)

 

 

 

In earlier versions of the editor, the css class was applied to the image tag itself, which is the correct way to do it. Otherwise the applied css class has no effect on the image.

From the widget/page > select the middle bottom cell (notice it has no styling) > Table properties > Cell Properties > Select the middle bottom cell again > More Cell Styling > Border > Notice that the top row design is inherited > Is this expected? 

 video link:- https://jam.dev/c/1516e16f-1f7c-4e89-8b19-368edabf5703 

I have observed that when we're in the widget > selecting a cell from the table > clicking on Cell Properties > The top row design is not inherited. 

Following  the bug report Cell Properties - Preview only shows top-left cell styling when applying changes to multiple top-row cells > when we navigate the mouse up and down, in the background, we can see only the top left cell with the border we configured. (while initially we selected the top three) > But if now, in the preview page, we will choose the top three > OK >We will see the top three cells showing the design we configured. 

video link:- https://jam.dev/c/ba52bff1-7459-44d6-a647-d3eb5cea07f3. 

Table properties > Select cells (e.g the top three) > Border > Select the bottom > 6 PX > Purple > OK > The preview is not showing the changes we want to apply > the preview is showing only the top left cell

video link:- https://jam.dev/c/88c17904-c758-47ab-949c-d29b4775dc6d 

When we edit the widget > click on the table on a random cell > select Table Properties > The table wizard will always default to the top left cell > This is working as expected.
If you click in the table (not the editor) and select Cell Properties > the wizard will display (highlight) the cell you selected in the table is it expected that when selecting table properties it always default to the left side first box but when selecting cell properties it will show the current cell which we are in.

video link:- https://jam.dev/c/c1cdf56c-53ab-4218-8774-65907b3efd6d 

When loading RadEditor (Telerik UI for ASP.NET AJAX 2025 Q2) in Internet Explorer 10/11 or Edge in IE Compatibility Mode, the editor does not render and JavaScript errors occur immediately upon page load.

SCRIPT1002: Syntax error
SCRIPT5022: Sys.ArgumentUndefinedException: Value cannot be undefined. Parameter name: type

Position the cursor between the words SharePoint and Whether in the first paragraph and add a line break, after that press Backspace and you'll see that the new line does not disappear.

Adding new sections between existing paragraphs or after the last paragraph seems to work fine, but if you have to break up an existing paragraph into two paragraphs and then want to turn it back into one you won't be able to.

https://www.screencast.com/t/NAniQ50c2UU9

Hi,

We are using Material Theme in our application. We see the problem in Rad Editor's Ribbon. Some icons are overlapping the Text. In the demo, it seems to be same behavior.

Regards,
Jamil

Steps to Reproduce:
1. Insert a table and add some data to the table in Chrome
2. Above the Table, insert some text
3. Highlight the text and drag cursor to highlight half of the data in the table
4. Hit Delete on your keyboard

Result: The colgroup is removed from the table