Hi,

We are using Kendo controls for MVC. There was a security scan done in our application, it capture few of the security issues.

We are able to fix all of the security issues except one.

CWE 829 - The application contains unsafe Content-Security-Policy (CSP) directives that could allow malicious script code to be included on the page.

So, as a result we have removed all the custom inline javascript and css to an external files and refer those external .js and .css files in our .cshtml page.

But when we use any of the Kendo controls like Kendo grid or Kendo calendar then in the runtime it create some inline scripts and we are getting application contains unsafe Content-Security-Policy (CSP) directives.

How to bypass those runtime inline scripts created by Kendo controls so that we don't get unsafe Content-Security-Policy (CSP) directives

during the security scan of the application.

Please let me know if you need any more information on this.

hi I have the following in my cshtml pages.

<div class="grid-scrollable">@(Html.Kendo().Grid<ViewModels.Admin.CDSUtilizationViewModel>() .Name("cdsgrid") .Columns(columns => { columns.Bound(c => c.Id).Width(150).Hidden(true); columns.Bound(c => c.Transaction_Id).Width(150).Hidden(true); columns.ForeignKey(p => p.Contract_Id, (System.Collections.IEnumerable)ViewData["ContractNumber"], "Id", "ContractNumber").Width(140); columns.ForeignKey(p => p.Contractor_Id, (System.Collections.IEnumerable)ViewData["ContractorName"], "Id", "ContractorName").Width(200); columns.ForeignKey(p => p.ServiceDetail_Id, (System.Collections.IEnumerable)ViewData["ServiceNameString"], "Id", "ServiceNameString").Width(300); columns.Bound(c => c.ServiceMonth).EditorTemplateName("Date").Format("{0:MMMM yyyy}").Width(120); columns.Bound(p => p.UnitsDelivered).EditorTemplateName("Integer").Width(80); columns.Command(command => { command.Edit().HtmlAttributes(new { @class = "btn-primary" }); command.Destroy().HtmlAttributes(new { @class = "btn-primary" }); }).Width(150); }) .ToolBar(tools => { tools.Create().Text("Add CDS Utilization Record").HtmlAttributes(new { @class = "btn-primary" }); tools.Excel().Text("Excel").HtmlAttributes(new { @class = "pull-right" }); }) .Editable(editable => editable.Mode(GridEditMode.InLine)) .Pageable(pageable => pageable.Refresh(true).PageSizes(true).ButtonCount(5)) .Selectable() .Filterable(f => f.Operators(o => o.ForString(s => s.Clear() .Contains("Contains") .DoesNotContain("Does not contain") .IsEqualTo("Is equal to") .IsNotEqualTo("Is not equal to") .StartsWith("Starts with") .EndsWith("Ends with ")))) .Resizable(resize => resize.Columns(true)) .Events(e => e.Edit("oncdsutilizationGridEdit")) .Excel(excel => excel.FileName("CDSUtilization.xlsx").Filterable(true).AllPages(true)) .DataSource(dataSource => dataSource.Ajax().PageSize(10).Model(model => { model.Id(p => p.Id); model.Field(p => p.Id).Editable(false); }) .Read(read => read.Action("CDSUtilizationRead", "CDSContractUtilization")) .Create(create => create.Action("CDSUtilizationCreate", "CDSContractUtilization")) .Update(update => update.Action("CDSUtilizationUpdate", "CDSContractUtilization")) .Destroy(destroy => destroy.Action("CDSUtilizationDestroy", "CDSContractUtilization")) .Events(events => events.Error("error"))) )</div>

[AcceptVerbs(HttpVerbs.Post)] public ActionResult CDSUtilizationCreate([DataSourceRequest]DataSourceRequest request, CDSUtilizationViewModel cdsutilization)

{

if (ModelState.IsValid) { cdsutilization.CreateDate = DateTime.Now; cdsutilization.Transaction_Id = Convert.ToInt32(cDSUtilizationService.GenerateMaxTrasactionIdCDSUtlization()); var cdsutilizationDataObj = cDSUtilizationService.AddAndSave(Mapper.Map<CDSUtilizationViewModel, CDSUtilization>(cdsutilization)); cdsutilization.Id = cdsutilizationDataObj.Id; }

return Json(new[] { cdsutilization }.ToDataSourceResult(request, ModelState));

}

and I want to display only Month and Year calendar

similar to this.

and up on my month selection I want to insert the first day of the selected month in to database.

can you please help.

I am using a Kendo.Filter object like the following to filter results in a Kendo Grid:

@(Html.Kendo().Filter<CustomPersonClass>()
     .Name("personFilter")
     .DataSource("peopleDS")
     .ApplyButton(false)
     .Fields(f =>
     {
         f.Add(p => p.LastName).Label("Last Name");
         f.Add(p => p.FirstName).Label("First Name");
         f.Add(p => p.MiddleName).Label("Middle Name");
         f.Add(p => p.StartDate).Label("Start Date").Operators(o => o.Date(d => d.Eq("Is equal to").Gte("Greater than equal").Lte("Less than equal")));
     })
)

 I have helper code to handle the toolbar in my Kendo Grid like the following, :

@helper ToolbarTemplate()
{
    <button class="k-button k-button-solid k-button-solid-base" id="applyFilter"><span class="k-icon k-i-filter"></span>Apply Filter</button>
    <button class="k-button k-button-solid k-button-solid-base" id="clearFilter">Reset</button>
    <button class="k-button k-grid-excel k-button-solid k-button-solid-base"><span class="k-icon k-i-excel"></span>Export to Excel</button>
}

I also have some JavaScript in a function to apply the filter when the Apply Filter button is clicked, as seen here:

$("#applyFilter").click(function (e) {
    //e.preventDefault();
    var myFilter = $("#personFilter").getKendoFilter();
    localStorage["kendo-person-filter-options"] = kendo.stringify(myFilter.getOptions().expression);
    myFilter.applyFilter();
});

The problem I am having is if I enter an invalid Leap Year date (e.g. 2/29/2003, since 2023 didn't have a February 29th), I get no data back; however, if I enter a valid Leap Year (e.g. 2/29/2004), my Kendo Grid will show data.  Is there a way to validate the date that is being entered manually into a DatePicker field used for filtering?  That is, if I use the DatePicker, it will not show me 2/29/2003 as an option, but if I type in 2/29/2003 and click Apply Filter, it doesn't throw any kind of error about 2/29/2003 being invalid.

Can we change the starting day of the week from Sunday to Monday? i.e. MO, TU, WE, TH, FR, SA, SU

Or Sunday to Saturday? i.e. SA, SU, MO, TU, WE, TH, FR

Instead of the current: SU, MO, TU, WE, TH, FR, SA

Hello,

for a new project we're considering ASP.NET MVC, or React (Kendo React)

We like to create a scheduler with multiple users next to each other, per day.

In attachment is an drawing of the expected result.

Is this feasable with Telerik Scheduler, with drag and drop availabilities to move appointments between users?

Thanks,

Jeroen

     I am using this:  

@(Html.Kendo().MultiViewCalendar().Name("calendar").Views(3).ShowViewHeader().Min(new DateTime(2020, 7, 1)).Max(new DateTime(2020, 9, 30)).Events(e => e.Change("change"))
            )

and I simply want to highlight/change background color of a few days in a list in my model.  Is there a simple way of doing that?

When I am using the calendar it is very small and I would like to expand it to fit the entire page width

Here is the code I am using:

 I am not sure if it would be in the css or if I can use the inline styling

Hey guys ,

 When there is a scheduler with options:

 max:date....

selectable:true

if we move a cell down with keyboard and we reach a cell greater then max then scheduler block .