Unplanned
Last Updated: 18 Jan 2024 12:41 by ADMIN
ADMIN
Created by: Rumen
Comments: 10
Category: ScriptManager
Type: Feature Request
9
Subresource Integrity is a fairly new security scheme for protecting against malicious script obtained from third-party source (CDNs). It requires that the script tag include a hash of the script content so the browser can verify that it has not been altered.

Telerik controls generate a bunch of script tags for cloudfront.net. It would be swell if the script tags would include the extra attributes necessary to implement subresource integrity. Is this in the roadmap? 

Mozilla provides a security analysis tool which highlights this issue. Look at the results for telerik.com here -> https://observatory.mozilla.org/analyze/www.telerik.com. 

More info available on 
https://infosec.mozilla.org/guidelines/web_security#subresource-integrity
https://www.w3.org/TR/SRI/
Unplanned
Last Updated: 08 Apr 2020 14:08 by ADMIN
Created by: Doug
Comments: 1
Category: ScriptManager
Type: Feature Request
1
When you pull in BootStrap there are additional attributes such as 'crossorigin="anonymous"  and integrity="...."  '
How can these be added to Script Manager and CSS manager?
Likewise, there would a separation between bootstraps layout and the skin that Telerik an provide. This gives the advantage of it being BootStrap compliant, but with all the skins that Telerik offer, making re-skinning easier. This is one of the biggest bug bares of designing a site with Telerik, is the post-production work on CSS by a third party, as its not 'standards compliant'  by which they mean its not like a normal Bootstrap site that they are familiar with.
Thanks
Doug



<link rel="stylesheet" href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css 

integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" 

crossorigin="anonymous">
<link rel="stylesheet" href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css 

integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" 

crossorigin="anonymous">
<script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js 

integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" 

crossorigin="anonymous"></script>
Unplanned
Last Updated: 26 Jun 2019 09:25 by ADMIN

There is a bug with combining scripts and resources:

Combined CDN Request for Telerik Controls

You can reproduce the issue in the attached web site sample.

Unplanned
Last Updated: 07 Oct 2016 08:34 by ADMIN
<telerik:RadScriptManager ID="RadScriptManager1" runat="server">

                <CdnSettings TelerikCdn="Enabled" CombinedResource="Enabled"></CdnSettings>
                <Scripts>
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js" />
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js" />
                    <telerik:RadScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js" />
                </Scripts>
            </telerik:RadScriptManager>

            <script>
                function pageLoad() {
                    var grid = $find("<%=RadGrid1.ClientID%>");
                    alert(grid._showFilterMenu);
                }
            </script>


            <telerik:RadGrid ID="RadGrid1" runat="server" AllowPaging="True" Width="800px" OnNeedDataSource="RadGrid1_NeedDataSource">
                <MasterTableView AutoGenerateColumns="False" DataKeyNames="OrderID">
                    <Columns>
                        <telerik:GridBoundColumn DataField="OrderID" DataType="System.Int32"
                            FilterControlAltText="Filter OrderID column" HeaderText="OrderID"
                            ReadOnly="True" SortExpression="OrderID" UniqueName="OrderID">
                        </telerik:GridBoundColumn>
                        <telerik:GridDateTimeColumn DataField="OrderDate" DataType="System.DateTime"
                            FilterControlAltText="Filter OrderDate column" HeaderText="OrderDate"
                            SortExpression="OrderDate" UniqueName="OrderDate">
                        </telerik:GridDateTimeColumn>
                        <telerik:GridNumericColumn DataField="Freight" DataType="System.Decimal"
                            FilterControlAltText="Filter Freight column" HeaderText="Freight"
                            SortExpression="Freight" UniqueName="Freight">
                        </telerik:GridNumericColumn>
                        <telerik:GridBoundColumn DataField="ShipName"
                            FilterControlAltText="Filter ShipName column" HeaderText="ShipName"
                            SortExpression="ShipName" UniqueName="ShipName">
                        </telerik:GridBoundColumn>
                        <telerik:GridBoundColumn DataField="ShipCountry"
                            FilterControlAltText="Filter ShipCountry column" HeaderText="ShipCountry"
                            SortExpression="ShipCountry" UniqueName="ShipCountry">
                        </telerik:GridBoundColumn>
                    </Columns>
                </MasterTableView>
            </telerik:RadGrid>