Pending Review
Last Updated: 23 Oct 2018 16:12 by ADMIN
Created by: Wannes
Comments: 0
Category: Templates
Type: Feature Request
Concerning Cross Site Scripting (XSS), from the client-side perspective, data coming from any server cannot be trusted, even when it's one of your own servers (which may have been hacked).
While it is true that you need XSS protection on your server, it's certainly not a luxury to have additional protection on the client-side.

The kendo.template() function for example can be extended to filter out any unwanted <script> tags. The following code would do it:

var kendoTemplate = kendo.template;
kendo.template = function () {
    var templateFunction = kendoTemplate.apply(kendoTemplate, arguments);
    return function () {
        var htmlWithoutScripts = $.parseHTML(templateFunction.apply(templateFunction, arguments));
        return $("<div></div>").html(htmlWithoutScripts).html();

The jQuery.parseHTML() function will strip any <script> tags...
I'm not sure what the impact is for performance when there are too many repeated template calls on the same screen, but for normal use the overhead should be minimal.
Maybe this code can be run only for the HTML expressions in the template (#= expression#).

Could this kind of XSS protection be added to Kendo UI by default? Or at least be available as an option?

Best Regards,
Wannes Simons.
Pending Review
Last Updated: 06 Feb 2017 09:34 by ADMIN
Created by: anirudh
Comments: 5
Category: Templates
Type: Feature Request

We're building a large JS app that uses jQuery templates. When the number of templates got out of hand, I moved it to another HTML page, and did a $.get("templates.html") and appended that to the DOM.

We load each template one by one. We wanted to do parallel loading using something similar to head.js

Maybe you guys can come up with a way of doing it neater. Maybe something like this:

kendo.templates.remote = ['templates1.html', 'templates2.html'];
kendo.ready(function(){ //kick ass! });
Pending Review
Last Updated: 30 Jul 2018 09:55 by ADMIN
Kendo templates are broken if they contain any character, which is encoded to '&#123;' since '#' is en expression delimiter for kendo templates. Documentation suggests to escape '#' with '\\#', but this makes the very basic syntax (example using ASP.NET MVC) look ridiculous: instead of writing @Localization.Get("aaa") I need to use @Html.Raw(Html.Kendo().TemplateEncode(Html.Encode(Localization.Get("aaa")))) for every localization string I have in kendo templates (since any string may contain unicode characters in some language).
If you had '##' or '$' as expression delimiter, simple @Localization.Get("aaa") would work in 99.9% of cases.
I suggest you:
1) Fix current template syntax parser to not treat HTML-encoded symbols as template delimiters.
2) For more reliability, create second template type 'text/x-kendo-template2' with delimiter being '##', '$' or whatever is found the least conflicting after proper analysis. Make it recommended for future and make 'text/x-kendo-template' obsolete.
3) Add TemplateEncode() method to Kendo MVC extensions.
Pending Review
Last Updated: 13 Jun 2017 09:35 by ADMIN
Created by: Imported User
Comments: 0
Category: Templates
Type: Feature Request
When a grid has many columns, the column menu becomes difficult to use. This is because of two things: the columns are always in the order that they appear in the grid, and there is no support for templates/column grouping. The result is a long unordered list that is difficult for users to navigate quickly.

Suggested improvements:
1) Add option to sort columns in alphabetic order in the column menu.

2) Add option to group columns either by data type or user-defined groups.
Pending Review
Last Updated: 13 Jun 2017 13:41 by ADMIN
SVG paths are not rendering with kendo templates binding with MVVM view model. For reference:

Known Issue:
In firefox, when we inspect svg element and edit that svg tag element 
(right click and select "Edit Svg") then the svg is rendering.

But in IE 10 and Safari, no path tags are found in svg tag.

Other browser except Chrome, require the elements to be created with the correct namespace. Since the template output is a string this typically involves a DOMParser.
The code works out to something like this:

var parser = new DOMParser();
var doc = parser.parseFromString(svgString, "text/xml");
var node = document.adoptNode(doc.documentElement);
// node can now be appended to the current document

Can this code be supported with kendo templates to render SVG tags.
Pending Review
Last Updated: 12 Nov 2015 16:45 by Titus
Created by: Chris
Comments: 3
Category: Templates
Type: Feature Request
Add Server-side rendering engines for templates.  I would love them in .Net first and then php and then Ruby.  Having server side is huge for SEO and with a rendering engine could basically take a huge chunk of server code out of the mix and just replace with templates.
Pending Review
Last Updated: 02 Sep 2016 09:08 by ADMIN
Created by: Daniel
Comments: 0
Category: Templates
Type: Feature Request
If you edit a record in a grid it automatically validates against the validation rules defined in the schema.Model.  However if you use a custom editor template you have to manually add the html attributes such as required to each input field.  It would be nice to be able to use the same validation rules defined in the schema.Model for custom editor templates as well.

Pending Review
Last Updated: 13 Jul 2017 09:09 by ADMIN
Created by: Imported User
Comments: 3
Category: Templates
Type: Feature Request
Add support for templating panelbar items (separate templates for first (header) and second (items) level). 
Pending Review
Last Updated: 23 Jul 2015 22:20 by JohnVS
Created by: Imported User
Comments: 1
Category: Templates
Type: Feature Request
It would be nice if there was a tool that could validate if the template you are writing is valid or not, since the error message doesn't tell you where the error is.
Pending Review
Last Updated: 26 Jan 2015 11:02 by ADMIN
If a Kendo-Grid is set with .Scrollable(true) the height of the grid get a style with "height:200px;". This seems to be unchangeable without edit the Kendo Source code. But in my opinion this is somehow needed. Of cource it could be changed later with some javascript code but why so intricate? It would be much more efficient to "change" the css i want on the fly.
.ScrollableStyle(new { @class = "max-height:300px;" })
Pending Review
Last Updated: 13 Aug 2012 21:48 by ADMIN
The template is not so friendly with document db such as MongoDB. Data in MongoDB are schema free, it means some data fields may be missing. It may lead to an error while rendering templates. jQuery's API can have a optional arg to provide default value, but I don't how to do it in Kendo.
Pending Review
Last Updated: 15 Oct 2013 09:35 by raghav
I'd love for the ability to choose between the light/dark version of the icons in the sprite.png file. As of now, most of the themes contain a light and a dark version. However, there is no easy way to choose between the too when I'm writing my code. The only way to change is to go into the CSS file and override it manually. 

This has been an issue already, because at least once now the classes have changed, causing me to go back and make further edits to my CSS file.

it should be something as simple as adding a light/dark class to element so that it knows to choose the appropriate background position for the sprite. 

This seems like something very easy to do that doesn't require much programming. I hope to see this soon!
Pending Review
Last Updated: 19 Mar 2017 00:52 by ADMIN
For all the “items” controls that have a “Template” configuration property to define the items (for example: combobox, dropdownlist) the documentation tells me the template property can be a string or function.
If a function is used this function should return a string presentation of the Html you want to be rendered. 
I would like to have this template functionality enhanced so the function can also return an HtmlElement or HtmlFragment instead of a string. So the template function is fully responsible to construct the Html that will be inserted into the dom. Your template processing only has to check if the return type of the function is an instance of a HtmlElement or HtmlFragment an take the result of the function as it is. No further processing needed. 
Reasoning behind this feature request is:
In my development I try to move away from string based definition of Html as far as possible. Because this string based definition of Html and Htmltemplates is the weak part of a modern SPA architecture. No designtime checking of the content of these Html with its binding expressions is possible.
Therefore I developed a component to define my  HtmlElements or HtmlFragments in a strong typed way. This component has full support for designtime checking of properties and binding expressions. The result from my component however is an HtmlElement not a “String”. Now i have to work around this by serializing the HtmlEment to  a string. This not only is a waste of performance but also makes it impossible to attach event handler to the hmlElement or it children.

Pending Review
Last Updated: 02 Oct 2015 11:25 by Ruud
Create a new configuration option so you can not show anything when the value for a field is "null". So, for example; a mobile listview has a new property "shownullvalues", when set to false, it will not display any text when the actual field value is not present (or null).
Pending Review
Last Updated: 15 Jan 2015 11:12 by Ben
In the Grid component, the ClientDetailTemplate can be created within script tags and marked as text/kendo-tmpl, and then referenced via the ClientDetailTemplateId("...") option.

It would be great to be able to do the same with ClientRowTemplate also to save having to manually generate it in javascript using kendo.template(...).html().