The content area size exceeds RadEditor's height in IE11 with its default document mode "Edge". Currently the issue can be worked around by setting the following meta tag:

    <meta http-equiv="x-ua-compatible" content="IE=10">

The approach is described in the following article: http://msdn.microsoft.com/en-us/library/ie/jj676915%28v=vs.85%29.aspx
When a link is applied to an image or text, the Unlink command should become enabled. However, it is enabled only for text and remains disabled for images. http://screencast.com/t/xHgru58pzKL The issue has been reproducible since the 2015 Q1 release.
If the user creates a link with the first word in the editor and then decides to insert a new paragraph, even though the link is moved to the 2nd paragraph the same link is also created in the first paragraph.
The error causes the editor's content area not to render. The following script can be used as a temporary workaround:

    <telerik:RadEditor runat="server" ID="RadEdior1" OnClientSelectionChange="OnClientSelectionChange">
    </telerik:RadEditor>
    <script type="text/javascript">
        function OnClientSelectionChange(editor, args) {
            if (!editor.getSelectedElement()) {
                editor.focusFirstText();
            }
        }
    </script>
Subsequent showing of the Paste HTML dialogs updates the title with some delay. A possible workaround is using the code from this example:

    <telerik:RadEditor runat="server" ID="RadEditor1" OnClientCommandExecuted="OnClientCommandExecuted">
    </telerik:RadEditor>
    <script type="text/javascript">
        function OnClientCommandExecuted(editor, args) {
            var command = args.get_commandName();
            var dialogContainer = editor.get_dialogOpener()._dialogContainers;
            var dialogName = "";
            switch (command) {
                case "PasteFromWord":
                case "PasteFromWordNoFontsNoSizes":
                case "PasteAsHtml":
                    dialogName = "CleanPasteHtmlContent";
                    break;
                default:
                    break;
            }
            // Only the paste commands above open this dialog; skip every other command
            var dialog = dialogContainer[dialogName];
            if (!dialog) return;
            dialog.add_pageLoad(updateTitle);
            dialog.add_show(updateTitle);
        }
        function updateTitle(sender, args) {
            var clientParameters = sender.ClientParameters;
            if (clientParameters && clientParameters.dialogTitle)
                sender.set_title(clientParameters.dialogTitle);
            sender.add_pageLoad(updateTitle);
            sender.add_show(updateTitle);
        }
    </script>
Handling the OnClientPasteHtml event of the editor cannot be used properly, because the logic cannot rely on the command name to further interact with pasted content. For the time being you can use the following script to work around the issue:

    <telerik:RadEditor runat="server" ID="RadEditor1">
    </telerik:RadEditor>
    <script type="text/javascript">
        Telerik.Web.UI.Editor.CommandList.PastePlainTextWithTable = function (commandName, editor, args) {
            if (editor.get_lockFormatting && !editor.get_lockFormatting()) return;
            if ($telerik.isIE) {
                var restorePoint = editor.createRestorePoint(),
                    utils = Telerik.Web.UI.Editor.Utils,
                    dirtyText = utils.getClipboardAsHtml(editor),
                    cleanedText = utils.cleanPastedContent(dirtyText, editor.get_stripFormattingOptions(), editor.get_localization()["askwordcleaning"], false);
                restorePoint.select();
                editor.pasteHtml(cleanedText, args.get_commandName());
            }
        };
    </script>
When pasting a list element in the editor via the pasteHtml method, the cursor is positioned at the beginning of the first possible list element. The expected behavior is for the cursor to be placed right after the last list item.
The scenario is very specific. It is reproducible only under IE11 when RadEditor is loaded in an iframe, in Div content area mode, with AutoResizeHeight="true" and Skin is set to MetroTouch or BlackMetroTouch
Deleting all content in editor (e.g., Ctrl+A and delete), and switching to HTML mode, an unwanted is always present. Whereas, the content should be empty.
If you set anchors in HTML content and additionally put some HTML comments, under IE7 the hrefs will be placed as absolute. For example the following HTML:

    <div id="htmlcontent">
        <div>
            <!-- comment beginning -->
            <a href="/relativePath/ToALink">
                <img alt="" src="relativePath/ToMyImage/image.gif" />
            </a>
        </div>
        <!-- /another ending comment -->
    </div>

Will be transformed to this one:

    <DIV id=htmlcontent> <DIV><!-- comment beginning --><A href="http://localhost:52771/relativePath/ToALink"><IMG alt="" src="http://localhost:52771/relativePath/ToMyImage/image.gif"> </A></DIV><!-- /another ending comment --></DIV>
In Q2 2013 the block commands in RadEditor were greatly improved to match desktop editors closely. This means that now block elements like <p> or <div> are required for operations like creating lists and indent/outdent commands. The default value for the NewLineMode property of the control is BR for historical reasons, and thus when the end users press enter they no longer create elements the block commands can work with. Changing it would be a breaking change, however. Here is a list with possible implications of changing the default NewLineMode value to P:

Pros:
- The default text editing in modern browsers according to HTML5 specifications (https://dvcs.w3.org/hg/editing/raw-file/tip/editing.html#the-insertparagraph-command) requires that a paragraph is inserted when enter is pressed
- The content generated by the end users by default will integrate better with the improved commands of the control
- Most desktop rich text editing applications (like MS Word) insert a paragraph when enter is pressed

Cons:
- A breaking change in the current control behavior and configuration
- When paragraphs are inserted they will add more margins, so the final appearance of the content and the editing process will require more height
- By default, the underlying rich-text editing engine of Firefox uses BR tags, and Chrome's uses DIV tags

Please use the buttons on the right to vote whether this change should be implemented. If you have anything to add, the comments below can be used.
Such a scenario is reproducible when RadEditor is used in a Template container and the control is AJAX-enabled, for example in an EditTemplate or InsertTemplate. To work around this bug, you need to ensure that the base CSS resource is loaded before RadEditor. To do so, manually add the resource in the head element of the page:

    <head runat="server">
        <title></title>
        <telerik:RadCodeBlock ID="RadCodeBlock1" runat="server">
            <link href='<%= Page.ClientScript.GetWebResourceUrl(typeof(RadEditor), "Telerik.Web.UI.Skins.EditorLite.css") %>' rel="stylesheet" type="text/css" />
        </telerik:RadCodeBlock>
    </head>
Trying to operate with images in RadEditor under IE11 leads to unresponsiveness. For example, using the paragraph style, selecting an image and switching to HTML and Design mode, etc. You can work around that by forcing the compatibility mode of IE to IE8:

    <meta http-equiv="X-UA-Compatible" content="IE=8" />
Update:
For securing the RadEditor content and preventing XSS attacks we advise enabling the RemoveScripts, EncodeScripts, StripCssExpressions and StripDomEventAttributes content filters to sanitize the content. For more information please check the following help article and blog post on the matter:
Original message:
It is possible to conduct a successful XSS attack by injecting specific malicious content into the RadEditor content. This attack targets Internet Explorer browsers. It takes advantage of a security vulnerability related to the CSS expression rule in legacy IE browsers, where arbitrary JavaScript code embedded in the style attribute of a DOM element can be run on the page. There is a workaround that is strongly recommended in order to make such attack attempts unsuccessful. The idea is to strip the expression declaration from the style attribute value of DOM elements in the RadEditor content. Following is a sample implementation.

Usage:

    protected void Page_Load(object sender, EventArgs e)
    {
        var sanitizer = new CssExpressionSanitizer();
        theEditor.Content = sanitizer.Sanitize(theEditor.Content);
    }

Content of the CssExpressionSanitizer class:

    using System;
    using System.Text.RegularExpressions;

    public class CssExpressionSanitizer
    {
        private static readonly Regex expressionPattern = new Regex(@"<[a-zA-Z0-9]+[^>]*?style=['""]?.*?(?<cssRule>[^;""]+: expression(?<bracket>\())", RegexOptions.Compiled);

        public string Sanitize(string input)
        {
            // Process matches from last to first so earlier match indexes stay valid
            var matches = expressionPattern.Matches(input);
            for (int i = matches.Count - 1; i >= 0; i--)
            {
                input = SanitizeExpression(input, matches[i]);
            }
            return input;
        }

        private string SanitizeExpression(string input, Match m)
        {
            var cssRuleIndex = m.Groups["cssRule"].Index;
            var expressionIndex = m.Groups["bracket"].Index;
            input = StripMatchingBracketsWithContent(input, expressionIndex);
            input = input.Remove(cssRuleIndex, expressionIndex - cssRuleIndex);
            // Drop the rule's trailing semicolon, if one is left behind
            if (cssRuleIndex < input.Length && input[cssRuleIndex] == ';')
            {
                input = input.Remove(cssRuleIndex, 1);
            }
            return input;
        }

        private string StripMatchingBracketsWithContent(string input, int startIndex)
        {
            var openBrackets = 0;
            do
            {
                char currentChar = input[startIndex];
                if (currentChar == '"' || currentChar == '\'' || currentChar == '/')
                {
                    //strip within quotation marks making sure brackets appearing in string constructs do not interfere with the counting
                    var parser = new InPairStringParser(currentChar);
                    input = parser.Sanitize(input, startIndex);
                    currentChar = input[startIndex];
                }
                input = input.Remove(startIndex, 1);
                if (currentChar == '(') openBrackets++;
                else if (currentChar == ')') openBrackets--;
            } while (openBrackets > 0 && input.Length > startIndex);
            return input;
        }

        public class InPairStringParser
        {
            public InPairStringParser(char pairChar)
            {
                this.pattern = new Regex(String.Format("{0}.*?(?<!\\\\){0}", pairChar));
            }

            public string Sanitize(string input, int startIndex)
            {
                var subinput = input.Substring(startIndex);
                return input.Substring(0, startIndex) + pattern.Replace(subinput, "", 1);
            }

            private readonly Regex pattern;
        }
    }
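A check that can run after the sanitizer above, shown as an added example (not Telerik's code; `StyleExpressionGate` and its methods are hypothetical names): it reports any style attribute that still contains a CSS expression, matching without regard to case or spacing, so leftover content can be rejected instead of stored.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

// Added example; StyleExpressionGate is a hypothetical helper, not a Telerik API.
public static class StyleExpressionGate
{
    // Value of each style attribute: double-quoted, single-quoted or unquoted.
    private static readonly Regex StyleAttribute = new Regex(
        @"\bstyle\s*=\s*(?:""(?<v>[^""]*)""|'(?<v>[^']*)'|(?<v>[^\s>]+))",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // "expression" followed by "(", in any case, with optional whitespace between.
    private static readonly Regex Expression = new Regex(
        @"expression\s*\(", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Returns every style value that still carries a CSS expression.
    public static List<string> FindOffendingStyles(string html)
    {
        var hits = new List<string>();
        foreach (Match m in StyleAttribute.Matches(html ?? string.Empty))
        {
            // Decode character references first, as the browser does for attribute values.
            string value = WebUtility.HtmlDecode(m.Groups["v"].Value);
            if (Expression.IsMatch(value)) hits.Add(value);
        }
        return hits;
    }

    public static bool IsClean(string html) { return FindOffendingStyles(html).Count == 0; }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample content.
        string[] samples =
        {
            "<p style=\"color: red;\">plain</p>",
            "<div style=\"width: expression(1 + 1);\">x</div>",
            "<div style='WIDTH:Expression (1 + 1)'>x</div>",
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-7}{1}", StyleExpressionGate.IsClean(s) ? "clean" : "reject", s);
    }
}
```

Call `StyleExpressionGate.IsClean` on the output of `CssExpressionSanitizer.Sanitize` and refuse to save or render content that fails the check.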
As the selection changes when typing inside textbox, JavaScript errors are being thrown.
If some textarea elements are added inside the content area, focusing and typing text inside is almost impossible. There are also cases where the text overrides the element on typing. Additionally, any text input elements are difficult to select. It is required to click multiple times for them to appear selected.
The behavior of Paste tools should be the same as in Firefox, Chrome, etc., where the clipboard access is also forbidden.
For example, checkboxes with plain text as labels before them do not appear selected in RadEditor: HTML: Checkbox: <input type="checkbox" />
Web page hangs with long running script error when the Foreground color of table content is cleared in IE11. Steps to reproduce:

1. In IE 11 Go to editor demo http://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx
2. Click HTML view and delete everything
3. Copy this into editor

    <html>
    <head>
        <title></title>
    </head>
    <body>
        <table>
            <tbody>
                <tr>
                    <td style="color: #000000;">Lorem ipsum</td>
                </tr>
            </tbody>
        </table>
    </body>
    </html>

4. Go to design mode highlight some text and click on the "Foreground color" button, select the clear choice (upper left)
5. Web page hangs with long running script error. (It has something to do with that style on the TD)