Hi,
I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.
The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.
Steps to reproduce in an editor with enabled track changes mechanism:
Hello Team,
In Editor, proportional resize of image (by holding Shift and dragging) is not working unlike in Word.
Could you please consider this suggestion for adding the same in the Editor?
Thanks.
When inserting video in Telerik Editor, radEditor by default inserts it using <embed>.
This element is not supported by Edge. Many modern browsers now support/recommend the use of the <video> tag,
so that it will render video in most Chromium browsers out there.
In order to support the described situation in your project you need to further implement custom logic that transforms the img's src value to base64. You can find attached an example which you can follow.
Hi Team,
I would like to request the following image file extensions to be displayable using the RadEditor's ImageManager/DocumentManager.
Thank you!
As Bootstrap is the industry standard for website and app grids, a very powerful addition for RadEditor would be a Bootstrap grid builder like this one:
https://www.youtube.com/watch?v=WQZ9zcf_ZRo
How cool would that be, building your Bootstrap parts in the Editor itself. Did anyone try this? Any hints on how one could build this functionality?
Let me know if we could collaborate to get something like this.
Thanks,
Marc
If the Track Changes feature is enabled, Japanese and Korean languages are not detected as modified. The added text is not highlighted.
These pages show the accessibility standards for tables.
https://www.w3.org/WAI/tutorials/tables/
https://www.w3.org/WAI/tutorials/tables/two-headers/
https://www.w3.org/WAI/tutorials/tables/irregular/
For these two sub links "Tables with two headers" & "Tables with irregular headers", they are looking for "scope=col", "scope=row", "scope=colgroup", "scope=rowgroup".
There doesn't seem to be any built-in support for "scope" to be added when using the table wizard, having set on the Accessibility tab a Heading for both a Row & Column.
Add support for "scope" to be added to tables created in the Rich Text Editor.
(https://www.telerik.com/forums/table-wizard---scope-attribute-for-tables#XKGf9DNED0a8Cdxvzh7Qvg)
I found the Rad Editor track changes feature to be a useful control in Telerik. As many software or finance companies have their operations going on, at each stage they would need to change their BRD, UD, Product Documents etc.; to keep track of the changes the editor is useful.
I would like to add some points for improvement that we have customized in our portal.
1) Listing of all the changes in left side of the editor (Added/ Deleted/ Replaced).
2) Can track text replacement also.
Thank you,
When track changes is disabled the backspace is OK:
- User typed two lines (1) & (2)
- At the beginning of the line (2) user presses the backspace key, it successfully appended the line (2) with line (1) (where there was a space available).
When track changes is enabled the backspace does not work as expected:
- User typed two lines (1) & (2)
- At the beginning of the line (2) user presses the backspace key, it removes the end of the character in line (1).
How to replicate the issue
1. Using the attached document, TestSample1.docx, copy and paste the content into the RADEditor and choose to remove Word Format.
2. Observe the styling and the format of the pasted content in the editor. You will notice that the table will not appear properly and the font styling and size are all removed instead of converted.
1. Using the attached document, TestSample2.docx, copy and paste the content into the RADEditor and choose to remove Word Format.
2. Observe the styling and format of the pasted content in the editor. In this case, you will notice that the table is intact and font styling and size are converted to HTML format.
The difference between TestSample1.docx and TestSample2.docx is that one has numbering in Heading. The numbering appears to have affected the result of pasted content from MS Word. The expected behaviour would be the same as the test result from TestSample2.
Given you have a table, where a row has multiple cells containing rowspans.
And there are also cells with no rowspan between them.
E.g. Starting HTML
    <table>
      <tbody>
        <tr>
          <td rowspan="2">A1</td>
          <td>B1</td>
          <td rowspan="2">C1</td>
        </tr>
        <tr>
          <td>B2</td>
        </tr>
      </tbody>
    </table>
When you delete the row (E.g. delete row 1 in the example above).
Then the cells in the resulting table are in the wrong columns.
E.g. Result HTML
    <table>
      <tbody>
        <tr>
          <td>A1</td>
          <td>C1</td>
          <td>B2</td>
        </tr>
      </tbody>
    </table>
Cells C1 and B2 are in the incorrect columns.
The desired outcome of deleting row 1 would be for all cells to remain in their original columns.
E.g. Desired Result HTML
    <table>
      <tbody>
        <tr>
          <td>A1</td>
          <td>B2</td>
          <td>C1</td>
        </tr>
      </tbody>
    </table>
Bug is reproducible in RadEditor demo using Starting HTML above (in various browsers).
Thank you,
Shane
RadEditor does not offer resx localization for the following Track Changes strings "Inserted by ", "Formatted by ", "Deleted by " as well as for the strings in the Comments dialog: Title, Save, Cancel and Edit.
Hello Telerik Team,
This is regarding the SpellCheck functionality in the Telerik Editor. Basically, whenever a user activates the SpellCheck from the "✓abc" button, the page automatically scrolls based on the position of the word. This does not give a good user experience and makes it difficult to work on the page.
We have seen this issue in the demos you have on your site as well.
URL: https://demos.telerik.com/aspnet-ajax/editor/examples/spellchecker/defaultcs.aspx
To Replicate go to this URL and follow the process below:
For your reference, we have attached a screenshot of the editor we have in our website.
Let us know if you require any further information to debug it.
Thank you,
Prateek Sanganeria
Images in a RadEditor can be resized two ways:
1. Using the image properties dialog and keying in width/height. The aspect ratio can be locked here so that keying in width updates height accordingly, and vice versa.
2. Clicking and dragging the resize handles. This does not maintain the aspect ratio of the image, even when the aspect ratio lock option is enabled in the image properties dialog.
Request: That the image aspect ratio lock option in the image properties dialog applies when dragging the resize handles.
We are using CDN and combined scripts as much as possible, and have run into an issue with the RadEditor where applying custom CSS classes breaks, e.g. the applied CSS class on the selected content gets stripped, for example from
.laystyle
to
.l