The InsertLink light dialog has a typo in the for attribute of the URL label, causing a case mismatch with the input's id. This results in accessibility tools like Wave and SortSite reporting the URL textbox as an unlabeled control.
Steps to Reproduce
1. Add a RadEditor with EnableAriaSupport="true" to a page
2. Ensure the InsertLink tool is enabled (it is by default)
3. Click the InsertLink toolbar button to open the dialog
4. Run an accessibility audit using Wave, SortSite, or inspect the DOM

Expected Behavior
The label's for attribute should match the input's id attribute exactly, allowing accessibility tools to correctly associate the label with the input.

Actual Behavior
• Label has for="LinkURL" (uppercase "URL")
• Input has id="LinkUrl" (mixed case "Url")
Since HTML for/id matching is case-sensitive, the label is not properly associated with the input control.

Affected File
InsertLink.ascx

## Description
When RadEditor switches to HTML mode, a `<textarea>` with class `reTextArea` is dynamically created. This textarea lacks proper accessibility attributes, causing WCAG accessibility tools (e.g., Wave) to flag it as an unlabeled form control.

## Steps to Reproduce
1. Create a RadEditor with `EnableAriaSupport="true"`
2. Switch to HTML mode
3. Run Wave or similar accessibility checker
4. Observe the textarea is flagged as "missing form label"

## Expected Behavior
When `EnableAriaSupport` is enabled, the HTML mode textarea should have:
- `aria-label` attribute to identify its purpose
- `aria-hidden="true"` when in Design mode (hidden state)

## Fix
Added ARIA attributes in `_getHtmlModeTextarea()` and toggle `aria-hidden` in `_showTextArea()` based on `EnableAriaSupport` setting.

https://demos.telerik.com/aspnet-ajax/editor/examples/rendermodes/defaultcs.aspx?skin=Bootstrap

The sizes of the Document Manager & Generate ID buttons in the Hyperlink Manager dialog in Lightweight don't look correct - maybe they should be the same height as the textbox?

Problem
When using RadEditor with Track Changes and Comments features enabled and a non-English language setting (e.g., Language="pt-BR"), the confirmation and result dialog titles for bulk operations display mixed language content.

Affected dialogs:

• Remove All Changes
• Remove All Comments
• Accept All Changes
• Reject All Changes

Example of incorrect behavior:

• Expected title: "Remover Todas as Alterações" (Portuguese)
  
• Actual title: "Remover Comentário All Changes" (mixed Portuguese + English)

Steps to Reproduce

1. Configure RadEditor with EnableTrackChanges="true" and EnableComments="true"
2. Set Language="pt-BR" (or any non-English language)
3. Add some track changes or comments to the content
4. Click on "Remove All Comments" or use any bulk track changes operation
5. Confirm the action by clicking OK
6. Observe the dialog title in the result alert
   
   

Steps to reproduce:

1. Enable the PdfExportFilter filter
2. Open the page with RadEditor in the browser
3. Insert a table element
4. Select the Table in the Node Inspector and apply a width of 500px
5. Switch to HTML mode and you'll notice that the width attribute/inline style has gone

Dear support,

we've recently updated to the Telerik version 2025.4.1210.462 and are experiencing issues with the (relatively) new RadEditor filter EditorFilters.StripCssExpressions. In particular, setting the RadEditor.Content and rendering the RadEditor object drastically tanks performance in certain situations.

We're aware of the web.config setting to increase the Telerik.RegexMatchTimeout, but for a 79KiB content to be rendered basically instantaneously with the previously mentioned filter being explicitly disabled to take 23+ seconds to render if the filter is enabled is quite shocking to me.

Please find a simple sample page (including the content-value) attached.

We'd really like to use the new security features of the RadEditor, but given this performance impact, we'll be unable to ship this feature as-is.

(Off-topic: We're currently evaluating to re-enable the EditorFilters.StripJavaScriptUris which removed our base64-encoded images in the November release of Telerik, but got fixed with the December release.)

Thanks in advance for investigating this issue and I'll be awaiting your feedback.

Kind regards

Hi 

I have a RadEditor control where some toolbar functionalities are not working.

After searching for a possible reason, I used the OnClientCommandExecuting client-side event and noticed that sometimes, instead of the args with its value, I found the item of a RadTreeList control present on the page.

I tried to reproduce the issue by inserting an Editor and a TreeList on a page. I write some text in the Editor and try to change the color or background. Not always (and I can't figure out when), but sometimes the args are incorrect.

For example, if I open a node of the tree, the error is almost certain after that.

I send you an image of my javascript debugger.

I don't know what I can do, do you have any ideas?

Thanks

Michela

There are some areas within the RADEditor that do not support localization:

1. Alerts for Accept All and Reject All track changes.
2. The Comments user interface.
3. Certain strings in the Undo menu.

See attached.

Hi,

As per title and I also find out it able to reproduce in the demo site: https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx

Step:

1. Change to 'HTML' mode.

2. Open 'Find And Replace' dialog.

3. Enter a word to find and hit the 'Find' button.

Notice that the word does not get highlighted. It only happens in 'HTML' mode, 'Design' mode working fine.

Please help as this feature is very useful in my project.

Thank you.

Steps to Reproduce

1. Open a page containing RadEditor with some content in it
2. In Design mode, select all text (Ctrl+A)
3. Delete the selected text
4. Switch to HTML mode
5. Switch back to Design mode
6. Press Ctrl+Z (Undo) a couple of times.
   

Current Result

• A JavaScript error is thrown in the browser console
• The undo operation fails to restore the deleted content
• Error occurs in _updateBrowserRangeStart method when calling this.range.setStart(e, t)

Expected Result

• The undo operation should work without errors
• The previously deleted text should be restored
• No JavaScript errors should appear in the console

Hi, 

We need to add an aria-label attribute to the RadEditor toolbar link buttons to match the title attribute text. I have been successful using JQuery on other controls to improve accessibility, but this one is not working. It appears because the link button is not rendered since is a pseudo element using the ::before. I have been unable to inject the attribute on page load. 

The issue is for screen readers the editor buttons are not announced when using the arrow key navigation which is called virtual mode. The buttons do announce when using the tab key which is called forms mode.

If this can be a bug fix it would benefit everyone, otherwise, if you have a code suggestions that is helpful. Image attached. 

Thank you.

The newly introduced StripJavaScriptUris security filter is incorrectly identifying and removing legitimate base64-encoded image data URIs (e.g., data:image/png;base64,...) from RadEditor content. The filter treats these safe image URIs as potential XSS threats and strips them along with dangerous JavaScript URIs.

I have a RadEditor that is rendered in mobile mode on a mobile device emulator in Chrome browser.
For this editor, I have subscribed to OnClientCommandExecuted event. The event fires, but the problem is that it fires twice for ToggleScreenMode command.
To reproduce this issue, you can use the page code below and render it in Chrome mobile emulator; then press on edit pencil button followed by clicking the check button.

<%@ Page https://goo.gl/ddHuHyLanguage="C#" AutoEventWireup="true" %>
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Command event firing twice for ToggleScreenMode in Mobile Render Mode</title>
    <meta name="viewport" content="width=device-width,intial-scale=1.0, maximum-scale= 1.0,,user-scalable=no"/>
</head>
<body>
    <form id="form1" runat="server">
         <telerik:RadScriptManager ID="RadScriptManager1" runat="server">
            <Scripts>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js"></asp:ScriptReference>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js"></asp:ScriptReference>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js"></asp:ScriptReference>
            </Scripts>
        </telerik:RadScriptManager>
    <div>
    <telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
            </telerik:RadEditor>
    </div>
        <script>
            function CommandExecuted(sender, args) {
                if (args.get_commandName() === "ToggleScreenMode" && (typeof sender.isFullScreen() === "undefined" ||
                    sender.isFullScreen() === false)) {
                    alert("Command Executed Fired for ToggleScreenMode");
                }
            }
        </script>
    </form>
</body>
</html>

Workaround:
<telerik:RadEditor ID="RadEditor1" runat="server" AutoResizeHeight="True" RenderMode="Auto" OnClientCommandExecuted="CommandExecuted" Width="99%">
    <Content>dadas</Content>
</telerik:RadEditor>
<script>
    function CommandExecuted(editor, args) {
        if (args.get_commandName() == "ToggleScreenMode") {
            var goingIntoReadMode = $telerik.$(editor.get_element()).find(".reIcon.reIconEditContent").is(":visible");
 
            if (goingIntoReadMode == false) {
                editor.__modifiedContentAlready = false;
                //modify content for edit mode
                console.log("modify content for edit mode")
            }
            if (goingIntoReadMode == true && editor.__modifiedContentAlready == false) {
                //modify content for read mode
                console.log("modify content for read mode");
                editor.__modifiedContentAlready = true;
            }
        }
    }
</script>

1. In Design mode, select all text (Ctrl + A) and delete it.
2. Switch to HTML mode.
3. Switch back to Design mode.
4. Press Ctrl + Z (Undo).

• The first Ctrl + Z has no effect; the deleted text is restored only after pressing Ctrl + Z a second time.

Using the latest 2022.3.1109.45, our web application is catching "Invalid Resource Request" exceptions when the Windows7 or Vista (maybe others too) loads the "Editor" control in "Classic" mode.    By decoding the URL, the control is having problems locating the image below

WebResource.axd?d=ZHkUja8e5EF7zNoz8IiY_kAGH7MBQgCnq0BEYT2AtFLv57GDfGbEymwRG8H68WuiE_6l2fpZpqb_FzVc_OItknX-LMTzvQOwC0Mk8HaCtGvNzWl-5nNlZ6xpbOjNSk4A0QtPGtyV0UA-BWX4bOfPU8EI30eAVg8UO6p7yERiuEbCUoiZOGUevYGPdrNVvPel0&t=638034624000000000
Error Message: This is an invalid webresource request.

Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Vista.Editor.ToolbarVerticalSprites.gif

Telerik.Web.UI.Skins|Telerik.Web.UI.Skins.Windows7.Editor.ToolbarSprites.gif

Change the skin of the radeditor in the default.aspx to another skin such as "metro" and the problem will not happen.    It works OK at least on Black, Metro and Silk but haven't tested others, you can tell it doesn't work when the divider bars in the editor toolbar don't appear properly.

Hi,

I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.

The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.

When using RadEditor with the StripDomEventAttributes content filter enabled, script execution can still occur when switching from HTML to Design mode.

Certain HTML and SVG elements containing attributes such as onload, onclick, or href/to values that start with javascript: are not fully sanitized before the editor’s content is rendered in Design view. As a result, embedded script code can run during the mode transition even though the anti-script filter is active.

Reproduction steps:

Add a RadEditor with the default filters:

<telerik:RadEditor runat="server" ID="RadEditor1"
    ContentFilters="DefaultFilters,StripDomEventAttributes">
</telerik:RadEditor>

1. Load the page.
2. Switch the editor to HTML mode.
3. Paste any of the following samples (look below)
4. Switch to Design view
5. Watch alerts

<svg/onload=alert(1)><svg>
<svg
onload=alert(1)><svg> # newline char
<svg	onload=alert(1)><svg> # tab char
<svgonload=alert(1)><svg> # new page char (0xc)

 

 

 

In earlier versions of the editor, the css class was applied to the image tag itself, which is the correct way to do it. Otherwise the applied css class has no effect on the image.

When we edit the widget > click on the table on a random cell > select Table Properties > The table wizard will always default to the top left cell > This is working as expected.
If you click in the table (not the editor) and select Cell Properties > the wizard will display (highlight) the cell you selected in the table is it expected that when selecting table properties it always default to the left side first box but when selecting cell properties it will show the current cell which we are in.

video link:- https://jam.dev/c/c1cdf56c-53ab-4218-8774-65907b3efd6d