Hi,
I am contacting you today to let you know I have found cross-site scripting vectors within the latest version of the RadEditor. I have attached images of the payloads that seem to bypass the XSS filter.
The second payload only works on Firefox browsers, but the first works on Chrome browsers too. While it still requires users to click on the link to trigger XSS, it can be easily social engineered in most situations.
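The report above does not include its payloads, so nothing here reproduces them. As an added example (not RadEditor's filter, and not derived from the reporter's attachments), this is the kind of link-target check a server-side content filter should apply to every href before editor HTML is stored: the naive "does it contain javascript:" string match is what filters of this sort usually fail on, and the function below first undoes the three things that defeat it (HTML character references, mixed case, and embedded control characters or whitespace, which browsers strip before reading the scheme). The allowlist of schemes is an assumption for illustration.

```javascript
// Added example, not RadEditor code: allowlist check on a link target after
// the same normalisation the browser performs before it resolves the scheme.

// Named references that matter for URL smuggling; numeric forms are decoded generically.
const NAMED_REFS = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                     tab: '\t', newline: '\n', colon: ':' };

// Decode numeric (&#106; / &#x6A;) and the named character references above.
// Attribute values are entity-decoded by the HTML parser before the URL is seen.
function decodeEntities(value) {
  return value.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (m, body) => {
    const lower = body.toLowerCase();
    if (lower.startsWith('#x') || lower.startsWith('#')) {
      const cp = lower.startsWith('#x') ? parseInt(lower.slice(2), 16)
                                        : parseInt(lower.slice(1), 10);
      return cp > 0x10ffff ? '' : String.fromCodePoint(cp);
    }
    return lower in NAMED_REFS ? NAMED_REFS[lower] : m;
  });
}

// Normalise the way the WHATWG URL parser does before the scheme is read:
// strip leading/trailing C0 controls and spaces, then drop any ASCII tab,
// LF and CR that remain anywhere in the string.
function normalizeUrl(value) {
  return decodeEntities(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Assumed allowlist for the example; a real deployment chooses its own.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// True when the href is scheme-less (relative) or uses an allowlisted scheme.
// Anything else (javascript:, data:, vbscript:, unknown schemes) is rejected.
function isSafeHref(href) {
  const url = normalizeUrl(href);
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) return true;
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed inputs, the kinds of variants a string-matching filter misses.
const samples = [
  'https://example.com/page',
  'javascript:alert(1)',
  '&#106;avascript:alert(1)',
  'java\tscript:alert(1)',
];
const verdicts = samples.map(s => [s, isSafeHref(s)]);
```

The scheme check is only one part of a sanitizer: elements and attributes still need an allowlist, and the check has to run on the server, because anything done only in the editor's client-side filter can be bypassed by submitting the HTML directly.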
If the Track Changes feature is enabled, Japanese and Korean text is not detected as modified. The added text is not highlighted.
When track changes is disabled, backspace works correctly:
- The user types two lines, (1) and (2).
- At the beginning of line (2), the user presses the backspace key; line (2) is successfully appended to line (1) (where there was space available).
When track changes is enabled, backspace does not work as expected:
- The user types two lines, (1) and (2).
- At the beginning of line (2), the user presses the backspace key; it removes the character at the end of line (1).
Given you have a table, where a row has multiple cells containing rowspans.
And there are also cells with no rowspan between them.
E.g. Starting HTML
<table>
<tbody>
<tr>
<td rowspan="2">A1</td>
<td>B1</td>
<td rowspan="2">C1</td>
</tr>
<tr>
<td>B2</td>
</tr>
</tbody>
</table>
When you delete the row (E.g. delete row 1 in the example above).
Then the cells in the resulting table are in the wrong columns.
E.g. Result HTML
<table>
<tbody>
<tr>
<td>A1</td>
<td>C1</td>
<td>B2</td>
</tr>
</tbody>
</table>
Cells C1 and B2 are in the incorrect columns.
The desired outcome of deleting row 1 would be for all cells to remain in their original columns.
E.g. Desired Result HTML
<table>
<tbody>
<tr>
<td>A1</td>
<td>B2</td>
<td>C1</td>
</tr>
</tbody>
</table>
The bug is reproducible in the RadEditor demo using the Starting HTML above (in various browsers).
Thank you,
Shane
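The report above shows the symptom but not the rule that produces the desired result. As an added example (not RadEditor code), the function below implements that rule: resolve rowspan/colspan into a logical grid first, so each cell's column is known independently of how many <td> elements precede it in its own <tr>, then delete the row and re-emit every surviving cell in its original column. It goes beyond the single case in the report by also handling cells that span across the deleted row from above and cells that start in the deleted row but continue below it. The table is modelled as plain arrays of {text, rowspan, colspan} objects so it runs without a DOM; the sample input is constructed from the report's Starting HTML.

```javascript
// Added example, not RadEditor code: delete a table row while keeping every
// surviving cell in the column it occupied before, by resolving rowspans and
// colspans into a grid first.

// A cell is a plain object; rowspan/colspan default to 1 as in HTML.
function cell(text, rowspan = 1, colspan = 1) {
  return { text, rowspan, colspan };
}

// Walk the rows and assign each cell its anchor (row, col) in the grid,
// skipping slots already covered by a rowspan coming from a row above.
function placeCells(rows) {
  const covered = [];   // covered[r][c] === true when some cell occupies (r, c)
  const placed = [];
  rows.forEach((row, r) => {
    covered[r] = covered[r] || [];
    let c = 0;
    for (const cl of row) {
      while (covered[r][c]) c++;
      for (let dr = 0; dr < cl.rowspan; dr++) {
        covered[r + dr] = covered[r + dr] || [];
        for (let dc = 0; dc < cl.colspan; dc++) covered[r + dr][c + dc] = true;
      }
      placed.push({ ...cl, row: r, col: c });
      c += cl.colspan;
    }
  });
  return placed;
}

// Delete row index r. A cell spanning across r from above shrinks by one; a
// cell starting in r survives (one row shorter) only if it also spanned further
// down; cells below r move up. Each output row is then sorted by grid column.
function deleteRow(rows, r) {
  const out = Array.from({ length: rows.length - 1 }, () => []);
  for (const cl of placeCells(rows)) {
    let { row, rowspan } = cl;
    if (row < r && row + rowspan > r) {
      rowspan -= 1;                   // spans the deleted row from above
    } else if (row === r) {
      if (rowspan === 1) continue;    // lived only in the deleted row: drop it
      rowspan -= 1;                   // its remainder now starts at the new row r
    } else if (row > r) {
      row -= 1;                       // everything below shifts up
    }
    if (row >= out.length) continue;  // rowspan pointed past the table: drop
    out[row].push({ text: cl.text, rowspan, colspan: cl.colspan, col: cl.col });
  }
  for (const row of out) row.sort((a, b) => a.col - b.col);
  return out;
}

// Serialise back to the minimal HTML used in the report.
function renderTable(rows) {
  const attr = (name, v) => (v > 1 ? ` ${name}="${v}"` : '');
  const td = c => `<td${attr('rowspan', c.rowspan)}${attr('colspan', c.colspan)}>${c.text}</td>`;
  return '<table><tbody>' +
    rows.map(row => '<tr>' + row.map(td).join('') + '</tr>').join('') +
    '</tbody></table>';
}

// Constructed sample: the "Starting HTML" table from the report.
const startingTable = [
  [cell('A1', 2), cell('B1'), cell('C1', 2)],
  [cell('B2')],
];

// Deleting row 0 keeps A1, B2, C1 in columns 0, 1, 2 (the "Desired Result HTML").
const desired = renderTable(deleteRow(startingTable, 0));
```

The same grid model is what a fix inside an editor needs for the other table operations (insert row, merge, split): operating on the <tr> children alone, as the reported behaviour suggests, loses the column information that only the rowspan bookkeeping provides.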
RadEditor does not offer resx localization for the following Track Changes strings "Inserted by ", "Formatted by ", "Deleted by " as well as for the strings in the Comments dialog: Title, Save, Cancel and Edit.
Hello Telerik Team,
This is regarding the SpellCheck functionality in the Telerik Editor. Basically, whenever a user activates the SpellCheck from the "✓abc" button, the page automatically scrolls based on the position of the word. This does not give a good user experience and makes it difficult to work on the page.
We have seen this issue in the demos you have on your site as well.
URL: https://demos.telerik.com/aspnet-ajax/editor/examples/spellchecker/defaultcs.aspx
To replicate, go to this URL and follow the process below:
For your reference, we have attached a screenshot of the editor we have in our website.
Let us know if you require any further information to debug it.
Thank you,
Prateek Sanganeria
We are using a CDN and combined scripts as much as possible, and have run into an issue with the RadEditor where applying custom CSS classes breaks: the CSS class applied to the selected content gets stripped, for example from
.laystyle
to
.l
Hi Rumen,
I have encountered a problem as follows:
When a table is added to the radeditor with empty cells, after inserting text in the empty cell and rejecting the track changes, the complete td (cell) is removed.
The figure shows text inserted in an empty cell with track changes on.
After rejecting this track change:
The cell has been removed and you can see the space at the end.
You can use the following table code to reproduce the same, I have tried this in the demo link: https://demos.telerik.com/aspnet-ajax/editor/examples/trackchanges/defaultcs.aspx
<table frame="topbot" class="body_table">
Do let me know if you need any further information on the same.
Thanks
Regards
Chetan
Problem: In the RadEditor we have the NewLineMode set to Div. We are also using a ToolsFile xml document to control the tools available in RadEditor. The problem is the InsertParagraph tool now inserts <div> tags instead of <p> tags. We want to keep the NewLineMode behavior as DIV while still having a tool that can insert a paragraph (i.e. a <p> tag).
To replicate this problem:
1. On the RadEditor demo page, first set "NEW LINES AS" to "Divs".
2. In the editor content area just above the "Destinations" table, type in three lines: Comment1, Comment2, Comment3.
3. If you then toggle to the HTML tab, you will see that the Comment1 line is (incorrectly) bracketed by a <p> tag while the Comment2 and Comment3 lines are (correctly) bracketed by <div> tags.
4. Next, go back to the Design tab, position yourself at the beginning of the Comment3 line, then click the [Insert Paragraph] button.
5. In the newly inserted "paragraph" type "Comment2b".
6. If you then toggle to the HTML tab you will see that Comment2b is incorrectly bracketed by a <div> tag. It should be a <p> tag.
<telerik:RadTabStrip runat="server" ID="RadTabStrip2" MultiPageID="RadMultiPage2" SelectedIndex="0">
    <Tabs>
        <telerik:RadTab Text="Add Response"></telerik:RadTab>
    </Tabs>
</telerik:RadTabStrip>
<telerik:RadMultiPage runat="server" ID="RadMultiPage2" SelectedIndex="0">
    <telerik:RadPageView runat="server" ID="RadPageView11">
        <telerik:RadEditor Width="100%" EditModes="Design" ID="reReqCom" runat="server"
            ContentAreaCssFile="~/AppRoot/Xml/RadEditor/EditorContentArea.css"
            ToolsFile="~/AppRoot/Xml/RadEditor/BasicTools.xml"
            Skin="Material" />
    </telerik:RadPageView>
</telerik:RadMultiPage>
The problem can be reproduced on the track changes demo at https://demos.telerik.com/aspnet-ajax/editor/examples/trackchanges/defaultcs.aspx
1. Copy a list from Word (bullet or numbered doesn't matter, but numbered is more problematic).
2. Paste into the content area with track changes turned on.
3. Apply Bold, Underline or Italics to the pasted list.
Result: The list seems to break itself into 3 separate lists, all spaced further apart than initially. Numbered lists will go from 1,2,3 to having 1,1,1.
Steps:
1) Enter in HTML mode:
<ins author="RadEditorUser" command="Insert" timestamp="1635859985945" title="Inserted by RadEditorUser on 11/2/2021, 3:33:05 PM" class="reU0">
<table>
<tbody>
<tr>
<td> text</td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> text</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>text </td>
</tr>
</tbody>
</table>
</ins>
2) Select the word in cell 1
3) Apply Bold formatting
<ins author="RadEditorUser" command="Insert" timestamp="1635859985945" title="Inserted by RadEditorUser on 11/2/2021, 3:33:05 PM" class="reU0">
<table>
<tbody>
<tr>
<td> </td>
</tr>
</tbody>
</table>
</ins><ins author="RadEditorUser" command="Insert" timestamp="1635859985945" title="Inserted by RadEditorUser on 11/2/2021, 3:33:05 PM" class="reU0">
<table>
<tbody>
<tr>
<td><strong author="RadEditorUser" command="Bold" timestamp="1635860413199" title="Formatted by RadEditorUser on 11/2/2021, 3:40:13 PM" class="reFormat reU0">text</strong></td>
</tr>
</tbody>
</table>
</ins><ins author="RadEditorUser" command="Insert" timestamp="1635859985945" title="Inserted by RadEditorUser on 11/2/2021, 3:33:05 PM" class="reU0">
<table>
<tbody>
<tr>
<td></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> text</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>text </td>
</tr>
</tbody>
</table>
</ins>
This behavior occurs only in the Firefox browser:
1. If you set the EditModes in the backend to only EditMode.Preview, then all HTML table elements within the content appear as in EditMode.Design, with dashed borders.
You can reproduce it on your own demo site https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx: simply disable EditMode.Html and EditMode.Design.
Now you see the dashed table element borders like in design mode.
2. Sometimes, if you switch the edit mode from Html to Preview, the same effect occurs, with dashed borders displayed on HTML table elements. If you switch directly from Design mode to Preview mode, all works fine.
3. If you resize the editor in Preview mode with the resize button in the lower right corner, the display switches immediately to dashed borders for all HTML table elements.
At the moment we use a fix to reset preview mode: if only preview mode is activated for the editor, we set the preview mode again with a timeout of 250 ms after loading of the dialog is ready (if the timeout is too low, no effect appears).
Sys.Application.add_load(function () {
    // Re-apply Preview mode (EditModes value 4) shortly after the page has loaded.
    window.setTimeout(function () {
        $find('AjaxEditorClientID').set_mode(4);
    }, 250);
});
Regards
Thomas
Hi,
As per the title; I also found that it can be reproduced on the demo site: https://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx
Steps:
1. Change to 'HTML' mode.
2. Open 'Find And Replace' dialog.
3. Enter a word to find and hit the 'Find' button.
Notice that the word does not get highlighted. It only happens in 'HTML' mode, 'Design' mode working fine.
Please help as this feature is very useful in my project.
Thank you.
The issue is that when we delete an entire line that contains bullets, it doesn't delete the bullets. We are using the server-side AcceptTrackChanges() method and it keeps the background color of the deleted lines.
ASPX
<telerik:RadEditor RenderMode="Lightweight" ID="RadEditor1" EnableTrackChanges="true" runat="server" Width="750px" Height="400px" ToolsFile="~/ToolsFile.xml">
    <TrackChangesSettings Author="RadEditorUser" CanAcceptTrackChanges="true" UserCssId="reU0"></TrackChangesSettings>
    <Content>
        <ol>
            <li>test
                <ol>
                    <li>test2</li>
                </ol>
            </li>
            <li>test3</li>
        </ol>
    </Content>
</telerik:RadEditor>
<asp:Button Text="Get Content" OnClick="GetContent" runat="server" />
<br />
EditorWithoutTracking:<br />
<asp:TextBox runat="server" id="EditorWithoutTracking" TextMode="MultiLine" Width="1000px" Height="500px" /><br />
EditorWithTracking:<br />
<asp:TextBox runat="server" id="EditorWithTracking" TextMode="MultiLine" Width="1000px" Height="500px" />
Codebehind
protected void GetContent(object sender, EventArgs e)
{
    // Content as submitted, before the track changes are accepted
    EditorWithoutTracking.Text = RadEditor1.Content;
    RadEditor1.AcceptTrackChanges();
    // Content after the server-side AcceptTrackChanges() call
    EditorWithTracking.Text = RadEditor1.Content;
}
We have an issue with paragraph styles which have some custom classes. It has different behavior depending on how you select your paragraph. In some cases, when you fully select your paragraph, the class remains the same as the previous paragraph's. Please see the video of the issue reproduced on the Telerik demo for more details: https://www.screencast.com/t/xg9b1imVO
Workaround:
<script type="text/javascript">
    function OnClientCommandExecuting(editor, args) {
        //The command name
        var commandName = args.get_commandName();
        //The tool that initiated the command
        if (commandName == "FormatBlock") {
            //editor.get_document().execCommand("FormatBlock", false, "div");
            var selectedElement = editor.getSelectedElement();
            if (selectedElement.getAttribute("style")) {
                selectedElement.removeAttribute("style");
            } else if (selectedElement.getAttribute("class")) {
                selectedElement.removeAttribute("class");
            }
        }
    }
</script>
<telerik:RadEditor RenderMode="Lightweight" runat="server" ID="RadEditor1" ToolsFile="Tools.xml" Width="800px" OnClientCommandExecuting="OnClientCommandExecuting">
    <Content>
        some plain text
    </Content>
    <CssFiles>
        <telerik:EditorCssFile Value="Styles.css" />
    </CssFiles>
</telerik:RadEditor>
When Track Changes is enabled and a <p> element contains nothing but whitespace (newline, space or tab characters), any time one character is deleted, the entire element is deleted.
Another issue relating to this is that when the line is deleted, if there is another whitespace <p> element above the element, the cursor is placed not on that line, but on whatever line is next without any whitespace.
This behavior can be reproduced in the track-changes demo (found at https://demos.telerik.com/aspnet-ajax/editor/examples/trackchanges/defaultcs.aspx) by following these steps:
1. Create a <p> element containing some text.
2. Below this element, create 3 more containing nothing but whitespace.
3. On the last line, enter a space and then press the backspace key.
The cursor will be moved to the <p> element containing text and the entire element will be deleted (not just the space which was entered).
1. Inside the editor (http://demos.telerik.com/aspnet-ajax/editor) copy and paste the contents of the attached file. 2. When prompted to clean the pasted data, select Yes. 3. Visually inspect the order of the list elements and the indentation - see the screenshot in the attachment.