The Web Report Designer does not entirely comply with CSP standards, necessitating the use of the 'unsafe-eval' directive in our CSP policies to enable its functionality.
This directive poses significant security risks and undermines the purpose of implementing CSP in the first place. Please remove this requirement.
I set globally the culture on the Linux Ubuntu Docker Container. Interestingly, the negative currency with en-US and fr-CA was displayed with the '-' sign rather than in brackets.
This was reproduced even in the values set with the Text Function FormatWithCulture(cultureName, format, args). The function displayed wrong formatting also on Windows, even in the Standalone Report Designer for .NET 8.
When the global culture on Windows was en-US, the negative decimal value formatted without the FormatWithCulture function was displayed correctly in .NET 8.
In the .NET Framework, the negative currencies were displayed as expected in all scenarios.
I have linked also a muted video showing the issue.
If I use an HTML5-based Report Viewer with the default CONTINUOUS_SCROLL page mode and I start scrolling to the next page, the Get Document Page request is made multiple times for the same page.
If I move to the next page via the toolbar buttons or if I use the SINGLE_PAGE page mode, then problem is not reproduced.
Telerik.Reporting.nupkg has a dependency on ResXResourceReader.NetStandard.
Our 3rd party security audit has found the missing Digital Signature of this DLL. A digital signature would aid in verifying its authenticity and integrity.