Hi,

I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.

The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.

When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.

Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.

Reproduction steps:

Add a RadEditor with the default filters:

<telerik:RadEditor runat="server" ID="RadEditor1"
    ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>

1. Load the page.
2. Switch the editor to HTML mode.
3. Paste any of the following samples (look below)
4. Switch to Design view
5. Watch alerts

<svg/onload=alert(1)><svg>
<svg
onload=alert(1)><svg> # newline char
<svg	onload=alert(1)><svg> # tab char
<svgonload=alert(1)><svg> # new page char (0xc)

 

 

 

In earlier versions of the editor, the css class was applied to the image tag itself, which is the correct way to do it. Otherwise the applied css class has no effect on the image.

From the widget/page > select the middle bottom cell (notice it has no styling) > Table properties > Cell Properties > Select the middle bottom cell again > More Cell Styling > Border > Notice that the top row design is inherited > Is this expected? 

 video link:- https://jam.dev/c/1516e16f-1f7c-4e89-8b19-368edabf5703 

I have observed that when we're in the widget > selecting a cell from the table > clicking on Cell Properties > The top row design is not inherited. 

Following  the bug report Cell Properties - Preview only shows top-left cell styling when applying changes to multiple top-row cells > when we navigate the mouse up and down, in the background, we can see only the top left cell with the border we configured. (while initially we selected the top three) > But if now, in the preview page, we will choose the top three > OK >We will see the top three cells showing the design we configured. 

video link:- https://jam.dev/c/ba52bff1-7459-44d6-a647-d3eb5cea07f3. 

When we edit the widget > click on the table on a random cell > select Table Properties > The table wizard will always default to the top left cell > This is working as expected.
If you click in the table (not the editor) and select Cell Properties > the wizard will display (highlight) the cell you selected in the table is it expected that when selecting table properties it always default to the left side first box but when selecting cell properties it will show the current cell which we are in.

video link:- https://jam.dev/c/c1cdf56c-53ab-4218-8774-65907b3efd6d 

When loading RadEditor (Telerik UI for ASP.NET AJAX 2025 Q2) in Internet Explorer 10/11 or Edge in IE Compatibility Mode, the editor does not render and JavaScript errors occur immediately upon page load.

SCRIPT1002: Syntax error
SCRIPT5022: Sys.ArgumentUndefinedException: Value cannot be undefined. Parameter name: type

Position the cursor between the words SharePoint and Whether in the first paragraph and add a line break, after that press Backspace and you'll see that the new line does not disappear.

Adding new sections between existing paragraphs or after the last paragraph seems to work fine, but if you have to break up an existing paragraph into two paragraphs and then want to turn it back into one you won't be able to.

https://www.screencast.com/t/NAniQ50c2UU9

Hi,

We are using Material Theme in our application. We see the problem in Rad Editor's Ribbon. Some icons are overlapping the Text. In the demo, it seems to be same behavior.

Regards,
Jamil

Steps to Reproduce:
1. Insert a table and add some data to the table in Chrome
2. Above the Table, insert some text
3. Highlight the text and drag cursor to highlight half of the data in the table
4. Hit Delete on your keyboard

Result: The colgroup is removed from the table

In the demo:
https://demos.telerik.com/aspnet-ajax/editor/examples/trackchanges/defaultcs.aspx

 

1. (Preparation) Disable TrackChange and Remove all text. Enable Track Change back.

2. Insert table, (HTML View)

3. In the design mode set new paragraph after table:

 

Insertion of the table dissapeared.

How to fix this issue?

I am experiencing an issue in the Telerik Rad Editor where, after copying and pasting a long sentence in a single line, if I apply bold formatting to a word and place the cursor at the beginning of the bolded word, pressing Enter results in an empty line being inserted between the text. This behavior is reproducible on the Telerik webforms editor demo site as well.

I would appreciate any guidance on how to resolve this issue. Thanks in advance.

Hi Telerik Team,

I have encountered a strange issue while working with RadEditor in Track Changes mode, specifically when editing tables. When deleting content inside a table cell, the entire cell behaves abnormally—either disappearing visually or causing layout disruptions. I have attached a screenshot to illustrate the issue.

Steps to Reproduce the Issue:

1. Enable Track Changes mode.
2. Insert a table with at least 3 columns and multiple rows.
3. Type some content into different cells.
4. Delete the content inside one of the table cells.
5. The cell appears to be deleted or behaves unexpectedly instead of just removing the text inside.

I have a big problem here. I have the following code and this code is launched in RadWindow as well:


 
The problem here is only using the iPhone (ioS), that the user is NOT able to select onto the RadEditor to begin typing. Seems to somehow block it out. I have stripped down to the basic code above and tested.

Can you tell us if this is a known issue?

Is there a workaround?

 

Don

The Table Wizard dialog, the Table Properties tab shows Cell Padding and Cell Spacing fields, but this fields can only apply values. If you edit them through the HTML mode or the Properties Inspector module, the fields in Table Properties dialog will not be updated.

There is a bug in the editor when using the image manager to insert an image after creating a new image.  This is recreated on the live demo site - http://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

1. Open the image manager in the editor.
2. Click on an image editor after selecting an image.
3. Use the resizing tool to resize and save a new version of the image. 
4. Once the save is made, both images (the original and the newly created) are selected and when you click insert, both images will be inserted.

The following concerns the editing of tables within RadEditor using the out-of-the-box Delete Row and Delete Column commands:
Delete Rows:
- Click in a cell.
- Click the Delete Row button. The row is deleted.
- The Delete Row button is still enabled, but when I click it nothing happens. The cursor is in the expected location and I'm able to immediately begin typing. However, I must again click in the cell for the Delete Row button to work.

Delete Columns:
- Click in a cell.
- Click the Delete Column button. The column is deleted.
- The Delete Column button is disabled. If I begin typing or click in the table it becomes enabled and functional again.

The end-user should be able to repeatedly click either button and have it work until there aren't any more rows or columns left to delete.

Steps to reproduce:
1. go to demo url http://demos.telerik.com/aspnet-ajax/editor/examples/edittemplate/defaultcs.aspx
2. click add new record
3. try to manually resize editor. it won't.
4. click add new record again.
5  try to manually resize editor, now it will.