Hi Team,

We recently ran security scan on our web application which using "https://kendo.cdn.telerik.com/2020.2.513" Version.

and we encountered one scenario where Cross Site script executed even though we implemented encode and decode.

Scenari: User opens editor -> Clicks Insert Link Option.

We filled URL, Text inputs and for Tooltip fields we input Cross Site Script i.e (">">">"><script>alert(document.cookie);</script>)

and we clicked INSERT.

Basically the Tooltip field will break the anchor tag title parameter and script will execute.

Though we have implemented HTML encode and Decode we still experiencing this alert popup with cookie data while encode and Save and also Decode and Show.

OR
Please let us know.

How to restrict user to input only Alphanumeric Values into the fields "Text", and "ToolTip" when user clicks "Insert Link" option on Kendo tool Editor (CK Editor).

Bug report

When text is hihlighet in Rwad-Only Editor and the user tries to paste a text, the highlighted text dissapears.

Reproduction of the problem

1. Open the Dojo
2. Copy some text
3. Highlight part of the text in the Editor and try to paste using Ctrl + V

Current behavior

Currently, the highlighted text dissapers

Expected/desired behavior

The highlighted text should not dissapear and the content of the Editor should remain unchanged.

Workaround

kendo.ui.editor.Clipboard.fn.onpaste = function(){
        if (this.editor.body.contentEditable === "false" || this.editor.body.contentEditable === "inherit" ) {
          return;
        }
      }

Dojo

Environment

• Kendo UI version: 2022.1.412
• Browser: [all ]

Describe the regression
If you bold some text in the Inline Editor, the content will be displayed on separate lines

To reproduce

1. Open this example - https://dojo.telerik.com/aZAFUzuq/12
2. Type some text, e.g "Some editor text"
3. Bold the "editor" part
   Expected behavior
   The text should remain on a single line.

Affected package (please remove the unneeded items)

• theme-default
• theme-bootstrap
• theme-material
• theme-tasks

**Affected suites

• Kendo UI for jQuery

Affected browsers

• All

Additional context
Introduced with 2020.2.617

Bug report

Color style is not preserved for the font tag in the Editor

Reproduction of the problem

1. Open this Dojo example - https://dojo.telerik.com/ucUxOLej/10
2. Change the color of the text
3. Press the Test button to console log the Editor value

Current behavior

The color style is not preserved

Expected/desired behavior

The color style should be preserved.

Environment

• Kendo UI version: 2022.2.621
• Browser: [all]

Bug report

If you select a text in the Editor, the ForeColor value is not updated to match the color of the selected text.

Reproduction of the problem

1. Open this Dojo example - https://dojo.telerik.com/IHAGOfom/6
2. Select the first line
3. Select a color from the tool
4. Select the second line

Current behavior

The value of the ForeColor tool is not updated to match the second line

Expected/desired behavior

The ForeColor value should change based on the selected text

Environment

• Kendo UI version: 2022.3.913
• Browser: [all]

Hello,

when I paste text from notepad editor, it is pasted with default font-size even if I currently have cursor on text with bigger font size. Can the editor apply current formatting on pasted text? it is replicable in editor demo. https://demos.telerik.com/kendo-ui/editor/index

thanks,

Marel

The Kendo UI Editor widget comes with a tool formatting tool that can be activated using the tools option. It renders a dropDown with different entries representing the supported formatting styles. As you can see in this DOJO, the entries are overly large. This comes from a syntax error in the inline style applied to the span inside the .k-list-item-text DOM element (display: inline-block#; instead of display: inline-block;) This causes the browser to ignore this line and leads to broken styling. Fixing the syntax error in the browser console fixes the styling issue.

We are seeing an issue with duplicate images being inserted in the editor on the key combinations below.

This issue can be recreated on the Kendo editor demo website.

1. Add an image to the editor.
2. Place cursor in front of image and press Enter.
3. Press arrow-up key to move cursor to empty line above image.
4. Press delete key to remove empty line.
5. Press Enter key to create a duplicate image.

Bug report

When content is pasted in the Editor, even if the keepNewLines option is enabled three </br> tasg are added for a single line.

Reproduction of the problem

1. Open the Dojo - https://dojo.telerik.com/@NeliKondova/eqIcekaq
2. Open the attached .txt file and paste its content in the Editor.

EditorPasteBrFile.txt

Current behavior

There are 3 <br/> tags for each new line

Expected/desired behavior

There should be a single <br/> tag for each line.

Environment

• Kendo UI version: 2023.1.425
• Browser: [all ]

Bug report

In an Editor that has a visible scrollbar, the selection event fires if you click on the scrollbar.

Reproduction of the problem

1. Open the Editor events demo - https://demos.telerik.com/kendo-ui/editor/events
2. Type some content until the scrollbar appears
3. Click on the scrollbar

Current behavior

The selection event triggers when you click the scrollbar

Expected/desired behavior

The selection event shouldn't trigger when you click the scrollbar

Environment

• Kendo UI version: 2023.2.718
• Browser: [all]

When the Kendo Editor is utilized within a Bootstrap modal popup and the tools configuration includes tools such as fontName, fontSize, fontColor, backColor, formatting that are not moved to the overflow popup, the toolbar is wider and does not display the overflow button. 

- https://dojo.telerik.com/OhiJaSOV/3

I would like to be able to display all tools when the toolbar of the Editor is set to resizable.

Bug report

When a link is added to the Inline Editor content and the user clicks outside the Editor, the toolbar does not always hide.

Reproduction of the problem

1. Open the Demo - https://demos.telerik.com/kendo-ui/editor/inline-editing
2. Add a link
3. Click outside the Editor

Note: the issue does not always appear, so you may need to test multiple times.

Current behavior

The Toolbar does not hide. - screencast - https://screenpal.com/watch/c06q2DVE2Zi

Expected/desired behavior

The toolbar should hide once the user clicks outside the Editor.

Environment

• Kendo UI version: 2023.3.1010
• Browser: [all ]

Bug report

The options in the Format Tool dropdown are displayed differently in Safari.

Regression introduced with 2023.1.314

Reproduction of the problem

1. Open this Dojo example on Mac in Safari - https://dojo.telerik.com/OmEpaJOF/5
2. Open the Format tool.

Current behavior

The options in the Tool are displayed with different styles compared to Chrome

Expected/desired behavior

The options should be displayed as in Chrome.

Environment

• Kendo UI version: 2023.3.1010
• Browser: [Safari]

Bug report

When an existing table is wrapped in a <div> and there is a </br> tag in the content, then when a table is inserted through the insertTable tool, the rows from the previous table dissapear.

Reproduction of the problem

1. Open the Dojo - https://dojo.telerik.com/@NeliKondova/ICAvOQOj
2. Copy the following content:

<div>
  <table name="content" >
    <tbody>
      <tr>
        <td><strong>Indhold</strong><span>IndholdStart</span></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
    </tbody>
  </table>
  <span >First </span> 
  </br>
  </br>
  </br>  
  <span >Second</span>
</div>

3. Click on the 'View HTML' tool in the Editor and paste the content from step 2. Click on the 'Update' button in the ViewHtml popup
4. In the Editor click between the First and Second
5. Insert a table through the insertTable tool

Current behavior

The rows from the initial table dissapear.
Note. The issue can be reproduced when both - the dic and the br tag from the example above are present.
screencast - https://somup.com/c0X3lEgyi3

Expected/desired behavior

The extisting tables should not be changed when a new table is inserted

Environment

• Kendo UI version: 2023.3.1114
• Browser: [all ]

Bug report

When you resize an image in the Editor, the image occasionally flickers. Also, if you decrease the size of the image, you cannot smoothly increase it back

Reproduction of the problem

Flickering issue:

1. Open this Dojo example - https://dojo.telerik.com/EMeTaBOw/5
2. Grab the top right resize handle
3. Decrease the size of the image several times

Increase width issue

1. Open this Dojo example - https://dojo.telerik.com/EMeTaBOw/5
2. Grab the top right resize handle
3. Decrease the size of the image and let go of the resize handler
4. Grab the top right handler again and try to increase its width.

Current behavior

The image flickers upon resizing, and you cannot increase its width

Expected/desired behavior

The image shouldn't be flickering, and you should be able to smoothly increase its width

Environment

• Kendo UI version: 2023.3.1114
• Browser: [all]

Bug report

In an Editor with custom fontName items configured, the selection in the tool is not preserved when specific items are selected.

Reproduction of the problem

1. Open this Dojo - https://dojo.telerik.com/oGavoViC/28
2. Select the text and choose "Andale Mono"
3. Open the fontName dropdown.

Current behavior

The "Andane Mono" does not appear as selected in the list

Expected/desired behavior

The "Andane Mono" should be selected in the list

Environment

• Kendo UI version: 2024.1.130
• Browser: [all]

Hi Team,

Create table popup inside the editor does not announce the table cells selected by user to screen reader.

https://dojo.telerik.com/enAFIvab

any help is appreciated.

Thanks,

Ashutosh

Bug report

The Editor doesn't allow multiple separators through the tools configuration.

Reproduction of the problem

1. Open this Dojo example - https://dojo.telerik.com/eSESEheW/19

Current behavior

Only the first separator is rendered.

Expected/desired behavior

All the separators should be rendered

Environment

• Kendo UI version: 2024.1.319
• Browser: [all]

Bug report

If you toggle the formatting marks in an Inline Editor, the marks are toggled for every Editor on the page. Additionally, if the content is scrollable, the marks remain stationary when you scroll through the content.

Reproduction of the problem

1. Open this Dojo example - https://dojo.telerik.com/@martin.tabakov@progress.com/AFiTuKif/2
2. Open the top inline Editor
3. Toggle the formatting marks
4. Scroll the Top Inline Editor

Current behavior

The formatting marks are toggled for each Editor on the page, and the arrow formatting mark remains stationary if you scroll through the content.

Expected/desired behavior

The formatting marks should be toggled for the target Editor only, and the formatting mark shouldn't scroll.

Environment

• Kendo UI version: 2024.2.519
• Browser: [all]

Bug report

Editor's Toolbar sets default values when adding a text ( double Enter click ) between Ordered / Unordered list items.

Reproduction of the problem

1. Open the Dojo https://dojo.telerik.com/erayiJaV/2
2. Change the fontName and fontSize.
3. Insert an ordered / Un ordered list.
4. Add items to the list.
5. In one of the items (excluding the last one), press Enter twice to create a new line.
6. Type some text on the new line.

Current behavior

The fontName and fontSize are set to the default values ( inherit ).

Expected/desired behavior

The fontName and fontSize remain with the values we set.

Environment

• Kendo UI version: 2024.2.514
• Browser: [all]