Unplanned
Last Updated: 18 Jan 2024 12:41 by ADMIN
ADMIN
Created by: Rumen
Comments: 10
Category: ScriptManager
Type: Feature Request
9
Subresource Integrity is a fairly new security scheme for protecting against malicious script obtained from third-party source (CDNs). It requires that the script tag include a hash of the script content so the browser can verify that it has not been altered.

Telerik controls generate a bunch of script tags for cloudfront.net. It would be swell if the script tags would include the extra attributes necessary to implement subresource integrity. Is this in the roadmap? 

Mozilla provides a security analysis tool which highlights this issue. Look at the results for telerik.com here -> https://observatory.mozilla.org/analyze/www.telerik.com. 

More info available on 
https://infosec.mozilla.org/guidelines/web_security#subresource-integrity
https://www.w3.org/TR/SRI/
Declined
Last Updated: 12 May 2020 13:32 by ADMIN
Created by: David
Comments: 1
Category: ScriptManager
Type: Feature Request
0
Since JQuery is such a small addition to your assembly wouldn't it be nice if a developer could select what version to use. So as a property I'd like useEmbeddedJqueryVersion with enums of 1,2,3 or none. This should also give you feedback on what controls need updating. 
Unplanned
Last Updated: 08 Apr 2020 14:08 by ADMIN
Created by: Doug
Comments: 1
Category: ScriptManager
Type: Feature Request
1
When you pull in BootStrap there are additional attributes such as 'crossorigin="anonymous"  and integrity="...."  '
How can these be added to Script Manager and CSS manager?
Likewise, there would a separation between bootstraps layout and the skin that Telerik an provide. This gives the advantage of it being BootStrap compliant, but with all the skins that Telerik offer, making re-skinning easier. This is one of the biggest bug bares of designing a site with Telerik, is the post-production work on CSS by a third party, as its not 'standards compliant'  by which they mean its not like a normal Bootstrap site that they are familiar with.
Thanks
Doug



<link rel="stylesheet" href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css 

integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" 

crossorigin="anonymous">
<link rel="stylesheet" href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css 

integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" 

crossorigin="anonymous">
<script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js 

integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" 

crossorigin="anonymous"></script>
Unplanned
Last Updated: 26 Jun 2019 09:25 by ADMIN

There is a bug with combining scripts and resources:

Combined CDN Request for Telerik Controls

You can reproduce the issue in the attached web site sample.

Completed
Last Updated: 13 Dec 2018 16:58 by ADMIN
Created by: Lars
Comments: 1
Category: ScriptManager
Type: Feature Request
1
During penetration tests we have to let carry out we allways run into problems with version disclosures originating from the embedded scripts and the Telerik.Web.UI.
To keep updates of the telerik components easy and to stay out of version incompatibilities we would like to keep using the embedded scripts.
Atm this is even more unlucky because the still, or again, used JQuery version 1.12.4 is known to be vulnerable to Cross-site Scripting (XSS) attacks.

Our request would now be to at least remove the version comments from the embedded script files and the exact version of the Telerik.Web.UI in the links created to the Webresource.axd.



Declined
Last Updated: 04 Oct 2017 11:13 by ADMIN
ADMIN
Created by: Peter Filipov
Comments: 5
Category: ScriptManager
Type: Feature Request
36
The script tags should contain "defer" attribute.

Resolution: You can set the LoadScriptsBeforeUI property of the script manager to false so that the scripts will render as late in the page as possible (just above the inline <script> that MS AJAX generates for the $create() statements). This will provide benefit nearly identical to the defer feature, but it does not risk breaking existing functionality. More information on the property:  https://msdn.microsoft.com/en-us/library/system.web.ui.scriptmanager.loadscriptsbeforeui(v=vs.110).aspx
Won't Fix
Last Updated: 27 Sep 2017 12:31 by ADMIN
When it is not possible to load scripts/styles from CDN, the scripts and styles should be loaded from embedded resources.

Please monitor this item as it was the original and has more votes: https://feedback.telerik.com/Project/108/Feedback/Details/119156-add-cdn-fallback-to-local-support-added-to-radscriptmanager-radstylesheetmanager
Unplanned
Last Updated: 07 Oct 2016 08:34 by ADMIN
<telerik:RadScriptManager ID="RadScriptManager1" runat="server">

                <CdnSettings TelerikCdn="Enabled" CombinedResource="Enabled"></CdnSettings>
                <Scripts>
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js" />
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js" />
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js" />
                </Scripts>
            </telerik:RadScriptManager>

            <script>
                function pageLoad() {
                    var grid = $find("<%=RadGrid1.ClientID%>");
                    alert(grid._showFilterMenu);
                }
            </script>


            <telerik:RadGrid ID="RadGrid1" runat="server" AllowPaging="True" Width="800px" OnNeedDataSource="RadGrid1_NeedDataSource">
                <MasterTableView AutoGenerateColumns="False" DataKeyNames="OrderID">
                    <Columns>
                        <telerik:GridBoundColumn DataField="OrderID" DataType="System.Int32"
                            FilterControlAltText="Filter OrderID column" HeaderText="OrderID"
                            ReadOnly="True" SortExpression="OrderID" UniqueName="OrderID">
                        </telerik:GridBoundColumn>
                        <telerik:GridDateTimeColumn DataField="OrderDate" DataType="System.DateTime"
                            FilterControlAltText="Filter OrderDate column" HeaderText="OrderDate"
                            SortExpression="OrderDate" UniqueName="OrderDate">
                        </telerik:GridDateTimeColumn>
                        <telerik:GridNumericColumn DataField="Freight" DataType="System.Decimal"
                            FilterControlAltText="Filter Freight column" HeaderText="Freight"
                            SortExpression="Freight" UniqueName="Freight">
                        </telerik:GridNumericColumn>
                        <telerik:GridBoundColumn DataField="ShipName"
                            FilterControlAltText="Filter ShipName column" HeaderText="ShipName"
                            SortExpression="ShipName" UniqueName="ShipName">
                        </telerik:GridBoundColumn>
                        <telerik:GridBoundColumn DataField="ShipCountry"
                            FilterControlAltText="Filter ShipCountry column" HeaderText="ShipCountry"
                            SortExpression="ShipCountry" UniqueName="ShipCountry">
                        </telerik:GridBoundColumn>
                    </Columns>
                </MasterTableView>
            </telerik:RadGrid>

			
Won't Fix
Last Updated: 21 Sep 2016 13:04 by ADMIN
The scripts of the controls are not combined in a single request, when the web.config key Telerik.ScriptManager.TelerikCdn.CombinedResource has value Enabled:

Steps to reproduce
1. Ad the following configuration in the web config and open a page containing RadControl.

<appSettings>
    <add key="Telerik.ScriptManager.TelerikCdn" value="Enabled"/>
    <add key="Telerik.ScriptManager.TelerikCdn.CombinedResource" value="Enabled" />
  </appSettings>

Result: The scripts are not combined.


Workaround:

Enable the script combining in the ScriptManager declaration:

    <telerik:RadStyleSheetManager runat="server">
        <CdnSettings CombinedResource="Enabled" TelerikCdn="Enabled" />
    </telerik:RadStyleSheetManager>
Declined
Last Updated: 10 Apr 2014 13:50 by ADMIN
Declined
Last Updated: 01 Nov 2013 13:06 by Makoto
Created by: Coder
Comments: 3
Category: ScriptManager
Type: Bug Report
0
Hi all, 

when I update IIS, I get the following error on each page with Telerik. When I click F5 (refresh), the page loads well and dont appear anymore. I'm using Win 2003 and Win 2008 with IIS.

System.OverflowException: Arithmetic, casting or conversion operation overflowed or underflowed. (Exception from HRESULT: 0x80131516)
   at System.Reflection.PseudoCustomAttribute._GetSecurityAttributes(RuntimeModule module, Int32 token, Boolean assembly, Object[]& securityAttributes)
   at System.Reflection.PseudoCustomAttribute.GetCustomAttributes(RuntimeAssembly assembly, RuntimeType caType, Boolean includeSecCa, Int32& count)
   at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeAssembly assembly, RuntimeType caType)
   at System.Reflection.RuntimeAssembly.GetCustomAttributes(Boolean inherit)
   at System.Web.UI.AssemblyCache.GetAjaxFrameworkAssemblyAttribute(Assembly assembly)
   at System.Web.UI.ScriptManager.get_DefaultAjaxFrameworkAssembly()
   at System.Web.UI.ScriptManager..ctor()
   at Telerik.Web.UI.RadScriptManager..ctor()

Regards,
Rastislav 
Declined
Last Updated: 01 Nov 2013 13:06 by sitefinitysteve
Created by: sitefinitysteve
Comments: 2
Category: ScriptManager
Type: Feature Request
2
I hate the stupid asp script managers...they're so ghetto with the .axd files always hosing our yslow\pagespeed scores, etc.

Since your focus is no on css3\html5\lightweight rendering can you guys not come up a better way to bundle your scripts such that they render properly cached to the footer...maybe take a dependancy for that on system.web.optimization or something?

...maybe some sort of requireJS integration or...?

Please feel free to think out of the box instead of being stuck into the asp.net crapballs bloat framework.