Pending Review
Last Updated: 23 Sep 2020 07:15 by Dhiraj
Created by: Dhiraj
Comments: 1
Category: UI for ASP.NET AJAX
Type: Bug Report
0

Greetings!

Description:

I have found a Cross-Site Scripting issue in the rich text editor, RadEditor. This is not in a body where the user provides certain strings; rather, it's in the text properties which get sent along with the user input, such as font-style. The developers were able to follow the filtering mechanisms given at https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/managing-content/prevent-cross-site-scripting-(xss), but it provides protection for the inputs given in <textarea>, and for the properties values. Hence XSS is still possible.

 

Steps for Reproduction:

 

1. Open up the text editor {{Screenshot 2020-09-23 at 12.08.51 PM.png}}

2. Input a string and change its font style.

3. Click on submit and intercept the request. {{Screenshot 2020-09-23 at 12.14.45 PM.png}}

4. Now we need to modify the request body for parameter of texteditor's ID. You may notice that the font-style is set and sent by using a <span>.

RadEditor1=%253cspan%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e

Change parameter 'RadEditor1's value with the following:

RadEditor1=%253cspan%20onmouseover%253d%2522document.body.innerHTML%253d%2527ioioioioioioioioo%2527%252bdocument.cookie%2522%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e

5. Submit and notice the 200 OK response. Now go to the text editor and notice that the string texttexttext can be seen. {{Screenshot 2020-09-23 at 12.24.18 PM.png}}

6. Put a mouse cursor on the string and notice that it gets changed to ioioioioioioioioo<domainCookies>.

 

##################

Please let me know if given information doesn't suffice the abilities for reproduction.

 

Thanks,

Dhiraj
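
Added example, not part of the original report and not Telerik's code: a server-side allowlist check for the submitted editor value that decodes the parameter, keeps only permitted tags and attributes, and reports what it dropped. The allowlist, the function names and the decode-until-stable rule are assumptions; the two sample values are the RadEditor1 values from step 4.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed allowlist (tag -> permitted attributes); "style" values are not inspected here.
ALLOWED = {"span": {"style"}, "p": set(), "strong": set(), "em": set()}

# The two RadEditor1 values from step 4 of the report.
BENIGN = "%253cspan%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e"
MODIFIED = "%253cspan%20onmouseover%253d%2522document.body.innerHTML%253d%2527ioioioioioioioioo%2527%252bdocument.cookie%2522%20style%253d%2522font-family%253a%20%2527MS%20Sans%20Serif%2527%253b%2522%253etextexttext%253c%2Fspan%253e"

def decode_layers(value, max_rounds=5):
    """Percent-decode until stable, since the captured value is encoded twice."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(f"<{tag}>")
            return
        kept = []
        for name, val in attrs:
            if name in ALLOWED[tag]:
                kept.append(f' {name}="{escape(val or "", quote=True)}"')
            else:  # event handlers such as onmouseover end up here
                self.dropped.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(form_value):
    parser = AllowlistSanitizer()
    parser.feed(decode_layers(form_value))
    parser.close()
    return "".join(parser.out), parser.dropped
```

Run on the modified value, `sanitize` returns the same markup as for the original value and lists `span@onmouseover` as dropped, which is also a useful signal to log.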

Under Review
Last Updated: 21 Sep 2020 11:56 by ADMIN

We used Telerik in our application. The network team reported a spam in it.

Using Telerik grid with SortExpression in telerik:GridTemplateColumn, has been reported as high priority network issue.

 

Issue name : Ajax request header manipulation (DOM-based)

 

Recorded the issue in the below snippet of response.

onclick="Telerik.Web.UI.Grid.Sort()"

 

Please let me know if you have any suggestions.!!!

Under Review
Last Updated: 18 Sep 2020 12:53 by ADMIN

Reproduction of the issue

RadGrid declaration

<telerik:RadButton runat="server" Text="PostBack" AutoPostBack="true"></telerik:RadButton>
<telerik:RadGrid runat="server" ID="RadGrid2">
    <MasterTableView DataKeyNames="Column1" ClientDataKeyNames="Column1" CommandItemDisplay="Top">
        <Columns>
            <telerik:GridBoundColumn UniqueName="Col1" DataField="Column1" HeaderText="Col1"></telerik:GridBoundColumn>
            <telerik:GridBoundColumn UniqueName="Col2" DataField="Column2" HeaderText="Col2"></telerik:GridBoundColumn>
            <telerik:GridBoundColumn UniqueName="Co13" DataField="Column3" HeaderText="Co13"></telerik:GridBoundColumn>
            <telerik:GridBoundColumn UniqueName="Col4" DataField="Column4" HeaderText="Col4"></telerik:GridBoundColumn>
        </Columns>
    </MasterTableView>
    <ClientSettings ReorderColumnsOnClient="false" AllowColumnsReorder="true">
        <DataBinding Location="~/Api/RevCodeGrid" SelectMethod="GetDataAndCount2">
        </DataBinding>
    </ClientSettings>
</telerik:RadGrid>

 

RevCodeGridController

public class Test
{
    public String Column1 { get; set; }
    public String Column2 { get; set; }
    public String Column3 { get; set; }
    public String Column4 { get; set; }
}


[HttpPost]
public virtual RadGridResultData GetDataAndCount2(object context)
{
    List<Test> items = new List<Test>();
    items.Add(new Test() { Column1 = "1", Column2 = "A", Column3 = "A1", Column4 = "A12" });
    items.Add(new Test() { Column1 = "2", Column2 = "B", Column3 = "B1", Column4 = "B12" });
    items.Add(new Test() { Column1 = "3", Column2 = "C", Column3 = "C1", Column4 = "C12" });
    items.Add(new Test() { Column1 = "4", Column2 = "D", Column3 = "D1", Column4 = "D12" });

    return new RadGridResultData { Data = items, Count = items.Count };
}


Planned
Last Updated: 17 Sep 2020 10:30 by ADMIN
Scheduled for R3 2020 SP1
Created by: Lars
Comments: 0
Category: DropDownList
Type: Bug Report
1

Current style

.k-reset {
    margin: 0;
    padding: 0;
    border: 0;
    background: none;
    list-style: none;
}

What it should be:

.k-reset {
    margin: 0;
    padding: 0;
    border-width: 0;
    outline: 0;
    text-decoration: none;
    font: inherit;
    list-style: none
}

Completed
Last Updated: 17 Sep 2020 10:11 by ADMIN
Release R3 2020 SP1
Created by: rumen jekov
Comments: 0
Category: UI for ASP.NET AJAX
Type: Bug Report
0
When you click on the Spell Check button on the toolbar, the dialog with the suggestions list will pop up at the top of the page, but not at the expected position.
Completed
Last Updated: 16 Sep 2020 12:11 by ADMIN
Release R3 2020 SP1
Like the title says, when the editor renders as mobile and EnableAriaSupport="true", the editor fails to initialize on JavaScript-level.
Unplanned
Last Updated: 16 Sep 2020 11:27 by ADMIN
Created by: Neale Hayes
Comments: 0
Category: DatePicker
Type: Bug Report
0

1) There is no element with the id or name as the value of the aria-controls attribute of the dateinput button with enabled ARIA support. 

2) The aria-valuemin and aria-valuemax attributes are not valid on role=textbox

To fix these, the following workarounds can be used:

Option 1: OnClientLoad event of the DateInput element inside the DatePicker

function DatePickerOnClientLoad(sender) {
    setTimeout(function () {
        $telerik.$(sender.get_element()).parent().find("[role=button][aria-controls]").removeAttr("aria-controls");
        $telerik.$(sender.get_element()).removeAttr("aria-valuemin").removeAttr("aria-valuemax");
    });
}

 

Option 2: using Sys.Application.Load event

function pageLoadHandler() {
    $telerik.$("[role=button][aria-controls]").removeAttr("aria-controls");
    $telerik.$("[role=textbox]").removeAttr("aria-valuemin").removeAttr("aria-valuemax");
    // Sys.Application.remove_load(pageLoadHandler);  
}
Sys.Application.add_load(pageLoadHandler);

 

 

 

Unplanned
Last Updated: 11 Sep 2020 13:10 by ADMIN
When track changes disabled the backspace is OK:
- User typed two lines (1) & (2)
- At the beginning of the line (2) user presses the backspace key, it successfully appended the line (2) with line (1) (where there was a space available). 
When track changes enabled the backspace does not work as expected:
- User typed two lines (1) & (2)
- At the beginning of the line (2) user presses the backspace key, it removes the end of the character in line (1).
Completed
Last Updated: 10 Sep 2020 14:17 by ADMIN
Created by: Laurentiu Stamat
Comments: 1
Category: UI for ASP.NET AJAX
Type: Bug Report
0

 Hello,

I have noticed the changes in your website, demos and documentation, but not all seems to work well on IE 11.

In the new interface of

 https://docs.telerik.com/devtools/aspnet-ajax/introduction?_ga=2.16776693.2130593711.1599296842-392310183.1565849466

 the left menu disappears after more clicks (IE11)

However, in ASP.net AJAX demos, the new interface is not looking good on IE 11

For example,  https://demos.telerik.com/aspnet-ajax/orgchart/examples/expandcollapse/defaultcs.aspx

The old interface was looking great, I had no problems at all, any control

I hope I will not have the same problems in my ASP.net application... 

 

 

Completed
Last Updated: 10 Sep 2020 09:56 by ADMIN
Release R1 2017 SP1
ADMIN
Created by: Peter Milchev
Comments: 1
Category: UI for ASP.NET AJAX
Type: Bug Report
3

					
			
Completed
Last Updated: 10 Sep 2020 09:54 by ADMIN
Release R1 2018
Planned
Last Updated: 09 Sep 2020 14:59 by ADMIN
Scheduled for R3 2020
Created by: Mamallan
Comments: 1
Category: Spreadsheet
Type: Bug Report
1

The issue is replicated when the spreadsheet is higher than the screen height. To reproduce it, scroll the page and click the last visible cell. 

Result: The page is scrolled to the beginning of the Spreadsheet element

Expected: The page is not scrolled

<telerik:RadSpreadsheet runat="server" ID="RadSpreadsheet1" Height="2000px" Width="100%">
</telerik:RadSpreadsheet>

 

Planned
Last Updated: 09 Sep 2020 13:48 by ADMIN
Scheduled for R1 2021
Status bar in Grid does not hide after Exporting a document when OnCommand client event is handled
Planned
Last Updated: 09 Sep 2020 13:41 by ADMIN
Scheduled for R1 2021
When exporting to Excel XLSX while there are hidden columns at the end of the columns collection and an unused ColumnGroup, the application throws the exception of: Index was out of range. Must be non-negative and less than the size of the collection
Planned
Last Updated: 09 Sep 2020 13:38 by ADMIN
Scheduled for R1 2021
When there is at least one ColumnGroup which is not assigned to any of the columns in RadGrid, exporting to Excel throws an exception "Index was outside the bounds of the array"
Declined
Last Updated: 09 Sep 2020 10:48 by ADMIN

We have code for our ajaxified submit forms to disable the submit button on request start and re-enable it on request end. This used to work, but when we upgraded to the latest build (2020.2.617), setting the disabled property to false now throws an error in IE from the WebResource.axd file (does not appear to have a problem in Firefox). The attached demo project shows exactly where the error occurs. Just click the Search button.

Attached picture shows an example of the error message thrown. The error does not appear to be with our javascript code itself; all the variables are populated and valid. It looks like something is getting triggered in the WebResource code when we set the disabled property to false and that is where the break is occurring.

 

Completed
Last Updated: 08 Sep 2020 13:06 by ADMIN
Release R3 2020
Cookie law loads a <form> tag before the <form> tag of the framework, hence the dropdown is placed in the hidden cookie form instead of the correct one.
Planned
Last Updated: 07 Sep 2020 08:30 by ADMIN
Scheduled for R3 2020 SP1

This can be achieved if the role=menubar is set to the <ul> element containing the <li> menu items instead of the wrapper <div> element.

In this example from the WAI-ARIA Practices site, JAWS announces "1 of 3", "2 of 3", and "3 of 3" as the top-level menus are navigated.

https://www.w3.org/TR/wai-aria-practices/examples/menubar/menubar-1/menubar-1.html

 Workaround from Admin:

<script>
    function OnClientLoad(sender, args) {
        // Move role="menubar" from the wrapper <div> to its direct children (the <ul>)
        $telerik.$(sender.get_element()).removeAttr("role").find(">").attr("role", "menubar");
    }
</script>
<telerik:RadMenu runat="server" ID="RadMenu1" EnableAriaSupport="true" RenderMode="Lightweight" OnClientLoad="OnClientLoad" TabIndex="1">
</telerik:RadMenu>

Planned
Last Updated: 04 Sep 2020 12:10 by ADMIN
Scheduled for R3 2020 SP1
When using RadAjaxManager or RadAjaxPanel in SharePoint 2019 for the purpose of enabling ajax for Controls, a partial PostBack will cause the page to become blank. A test was conducted using the generic ASP UpdatePanel which worked as expected.
Planned
Last Updated: 04 Sep 2020 12:00 by ADMIN
Scheduled for R3 2020 SP1
Created by: Jeff
Comments: 1
Category: TabStrip
Type: Bug Report
0

Accessibility Insights is reporting invalid markup on all tabs in the TabList.

When consulting the online aria specifications I see that elements with role="tablist" support aria-level="#" where number is > 0.  (https://www.w3.org/TR/wai-aria-1.2/#tablist) However, elements with role="tab" do not. (https://www.w3.org/TR/wai-aria-1.2/#tab)

If possible, we would like to see the aria-level tag moved to the correct page elements in the next release. (Thanks for correcting the aria-level="0" problem previously.) 

I believe this may be the compliance issue Sunil was reporting previously here: https://feedback.telerik.com/aspnet-ajax/1413112-this-ul-should-only-contain-li-elements-without-an-aria-assigned-role
