I have a RadEditor that is rendered in mobile mode on a mobile device emulator in Chrome browser.
For this editor, I have subscribed to OnClientCommandExecuted event. The event fires, but the problem is that it fires twice for ToggleScreenMode command.
To reproduce this issue, you can use the page code below and render it in Chrome mobile emulator; then press on edit pencil button followed by clicking the check button.
<%@ Page https://goo.gl/ddHuHyLanguage="C#" AutoEventWireup="true" %>
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Command event firing twice for ToggleScreenMode in Mobile Render Mode</title>
<meta name="viewport" content="width=device-width,intial-scale=1.0, maximum-scale= 1.0,,user-scalable=no"/>
</head>
<body>
<form id="form1" runat="server">
<telerik:RadScriptManager ID="RadScriptManager1" runat="server">
<Scripts>
<asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js"></asp:ScriptReference>
<asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js"></asp:ScriptReference>
<asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js"></asp:ScriptReference>
</Scripts>
</telerik:RadScriptManager>
<div>
<telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
</telerik:RadEditor>
</div>
<script>
function CommandExecuted(sender, args) {
if (args.get_commandName() === "ToggleScreenMode" && (typeof sender.isFullScreen() === "undefined" ||
sender.isFullScreen() === false)) {
alert("Command Executed Fired for ToggleScreenMode");
}
}
</script>
</form>
</body>
</html>
Workaround:
<telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
<Content>dadas</Content>
</telerik:RadEditor>
<script>
function CommandExecuted(editor, args) {
if (args.get_commandName() == "ToggleScreenMode") {
var goingIntoReadMode = $telerik.$(editor.get_element()).find(".reIcon.reIconEditContent").is(":visible");
if (goingIntoReadMode == false) {
editor.__modifiedContentAlready = false;
//modify content for edit mode
console.log("modify content for edit mode")
}
if (goingIntoReadMode == true && editor.__modifiedContentAlready == false) {
//modify content for read mode
console.log("modify content for read mode");
editor.__modifiedContentAlready = true;
}
}
}
</script>
Using the latest 2022.3.1109.45, our web application is catching "Invalid Resource Request" exceptions when the Windows7 or Vista (maybe others too) loads the "Editor" control in "Classic" mode. By decoding the URL, the control is having problems locating the image below
WebR
Error Message: This is an invalid webresource request.
Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Vista.Editor.ToolbarVerticalSprites.gif
Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Windows7.Editor.ToolbarSprites.gif
Change the skin of the radeditor in the default.aspx to another skin such as "metro" and the problem will not happen. It works OK at least on Black, Metro and Silk but haven't tested others, you can tell it doesn't work when the divider bars in the editor toolbar don't appear properly.
Hi,
I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.
The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.
When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.
Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.
Reproduction steps:
Add a RadEditor with the default filters:
<telerik:RadEditor runat="server" ID="RadEditor1"
ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>
<svg/onload=alert(1)><svg> <svg onload=alert(1)><svg> # newline char <svg onload=alert(1)><svg> # tab char <svgonload=alert(1)><svg> # new page char (0xc)
Hi,
We are using Material Theme in our application. We see the problem in Rad Editor's Ribbon. Some icons are overlapping the Text. In the demo, it seems to be same behavior.
Regards,
Jamil
Steps to Reproduce: 1. Insert a table and add some data to the table in Chrome 2. Above the Table, insert some text 3. Highlight the text and drag cursor to highlight half of the data in the table 4. Hit Delete on your keyboard Result: The colgroup is removed from the table
I am experiencing an issue in the Telerik Rad Editor where, after copying and pasting a long sentence in a single line, if I apply bold formatting to a word and place the cursor at the beginning of the bolded word, pressing Enter results in an empty line being inserted between the text. This behavior is reproducible on the Telerik webforms editor demo site as well.
I would appreciate any guidance on how to resolve this issue. Thanks in advance.
<telerik:RadTabStrip runat="server" ID="RadTabStrip2" MultiPageID="RadMultiPage2" SelectedIndex="0"> <Tabs> <telerik:RadTab Text="Add Response"></telerik:RadTab> </Tabs></telerik:RadTabStrip><telerik:RadMultiPage runat="server" ID="RadMultiPage2" SelectedIndex="0"> <telerik:RadPageView runat="server" ID="RadPageView11"> <telerik:RadEditor Width="100%" EditModes="Design" ID="reReqCom" runat="server" ContentAreaCssFile="~/AppRoot/Xml/RadEditor/EditorContentArea.css" ToolsFile="~/AppRoot/Xml/RadEditor/BasicTools.xml" Skin="Material" /> </telerik:RadPageView></telerik:RadMultiPage>Steps to reproduce: 1. go to demo url http://demos.telerik.com/aspnet-ajax/editor/examples/edittemplate/defaultcs.aspx 2. click add new record 3. try to manually resize editor. it won't. 4. click add new record again. 5 try to manually resize editor, now it will.
Workaround is to add the following function override at the end of the page (a sample is attached below)
Telerik.Web.UI.Editor.Utils.isWindowDestroyed = function (window) {
var doc;
try{
doc = window.document;
} catch (e) {
return true;
}
if(Telerik.Web.Browser.safari && !doc){
return true;
}
return !doc.defaultView && !doc.parentWindow;
}
It is a common scenario users to start selecting text and accidental trigger mouseup event outside of the content area. Still, the focus is inside RadEditor and InlineEditCompleted event should not fire.
Possible workaround:
<telerik:RadEditor runat="server" ID="RadEditor1" EditType="Inline"
OnClientLoad="OnClientLoad" OnClientInlineEditCompleted="OnClientInlineEditCompleted">
<Content>
some text
</Content>
</telerik:RadEditor>
<script>
function OnClientInlineEditCompleted(sender, args) {
if (sender._editCompleted) {
alert("Fired!");
}
}
function OnClientLoad(sender, args) {
$telerik.$(document).on("mouseup", function (e) {
if (e.target === sender.get_contentArea() || e.target === sender.get_textArea()) {
sender._editCompleted = true;
}
})
$telerik.$(document).on("mousedown", function (e) {
if (e.target === sender.get_contentArea() || e.target === sender.get_textArea()) {
sender._editCompleted = false;
} else {
sender._editCompleted = true;
}
})
}
</script>
When I want to clear a class in the RadEditor the class is cleared in the hyperlink manager, but not in the area in the footer of the RadEditor.
If 'clear class' is selected nothing happens.
When using Metro skin, if I click on a disabled button (Undo, Redo, Unlink and so on), its icon disappears until I click outside it.
https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx?skin=Metro
This does not happen with MetroTouch, Silk or Default skin. How do I replicate the same behavior with Metro skin?
In R3 2016 SP1 when a RadEditor with RenderMode=Classic is disposed and RadScriptManager is used, a JavaScript error is thrown:
IE: Object doesn't support property or method 'dispose'
Chrome: Uncaught TypeError: this._contextMenuFunctionality.dispose is not a function
FIXED in R3 2016 SP2 (2016.3.1027)
There are three workarounds:
- Set EnableScriptCombine to false for the RadScriptManager (not applicable when CDN is used)
- OR set RenderMode=Lightweight for the RadEditor (you can do this in the web.config for all control instance in the web app if they do not define the Classic mode exiplicitly)
- OR add the following function override at the end of your page:
<telerik:RadScriptManager ID="RadScriptManager1" runat="server" >
</telerik:RadScriptManager>
<%-- WORKAROUND 1: SET EnableScriptCombine="false" TO RADSCRIPTMANAGER--%>
<asp:Button ID="Button1" Text="click to postback and break the editor" runat="server" />
<telerik:RadEditor ID="txtInstructions" runat="server">
</telerik:RadEditor>
<%-- WORKAROUND 2: SET RenderMode="Lightweight" TO RADEDITOR--%>
<%--WORKAROUND 3: ADD THE FOLLOWING SCRIPT TO THE END OF THE FORM--%>
<script>
Telerik.Web.UI.Editor.DefaultToolAdapter.prototype.dispose = function ()
{
delete this._fakeToolbarParentCreated;
var toolbars = this._getToolBarElements();
if (toolbars) {
for (var i = 0; i < toolbars.length; i++) {
$clearHandlers(toolbars[i]);
}
}
this._tools = [];
this._disposeToolbarModeHandlers();
var wnd = this._toolbarHolder;
if (wnd && wnd.dispose) wnd.dispose();
var contextMenuFunctionality = this._contextMenuFunctionality;
if (contextMenuFunctionality && contextMenuFunctionality.dispose) contextMenuFunctionality.dispose();
Telerik.Web.UI.Editor.DefaultToolAdapter.callBaseMethod(this, "dispose");
}
</script>