Last Updated: 16 Mar 2023 13:29 by ADMIN
A security vulnerability with Excel exports from Telerik Reporting is Macro Injection attacks.
This regularly raises flags during security audits.
Essentially users can create data in the system that will appear in a cell of the report, and execute as a macro and allow running custom code on the computers of anyone who opens the xls or xlsx file.

Currently there is a setting to protect Telerik's exports CSV exports ("FormulaPrefix")

The same setting should be introduced for Excel (xls & xlsx) exports.
It should be another parameter of the xls/xlsx export extensions

Last Updated: 17 Feb 2023 10:47 by ADMIN
DOCX export restarts the numbering on the second page for ordered lists.
Last Updated: 28 Oct 2020 19:02 by ADMIN
Scheduled for R1 2021

If a table-based item (Table, List, Crosstab) does not fit in a single page and needs to occupy more than one page, its bottom border is not drawn on the first page and its top border is not drawn on the second (subsequent) page. This behavior is by design and its purpose is to help the users visually distinguish the table as a single item. The table has only one top and bottom border and they are displayed at the beginning and at the end of the table, regardless how many pages the table actually occupies.

Since users might find this confusing, a table should have a property controlling this behavior. The default state of the property will preserve the current rendering. If the user explicitly sets the property, then the table will draw its top and bottom borders on every page it occupies.

Last Updated: 29 Jul 2020 09:49 by ADMIN

If the HTML5 Report Viewer gets hidden on renderingBegin(e, args) event and shown on renderingEnd(e, args) event, its toolbar is shown, but the contents are still invisible.

Code snippet that demonstrates the issue:

		... initialization script goes here
        renderingBegin: function (e, args) {
        renderingEnd: function (e, args) {

Last Updated: 16 Jul 2020 12:28 by ADMIN



I currently have a WebServiceDataSource in my report using a POST Method, a Body and a Parameter for Content-Type.

However, if I try to add a second WebServiceDataSource with a Content-Type parameter it throws an error saying that the Name already exists.

See the following screenshot for a visual reference.


Last Updated: 25 Jun 2020 15:06 by ADMIN
The MsSqlServerStorage class uses a hard-coded string "TR" for its ApplicationName attribute in the connection string. This hard-coded string should be configurable and should not overwrite already existing ApplicationName attribute, if set.
Last Updated: 20 Feb 2020 08:57 by ADMIN
Created by: SPARE GmbH
Comments: 0
Type: Bug Report
The report engine calculates firstly how many rows will be necessary to accommodate the cell content and then the binding is taken into account. For example, if initially 2 lines are needed for the value of the textbox, the final cell height will be equal to two lines although later the width will be increased and the text will fit in a single line.