We have an application that uses RadGrid and one of our clients recently performed a penetration test on our application and identified the hidden input _ClientState as a vulnerability because they were able to trigger a buffer overflow error.

Here is the relevant code from the test where ClientState=AAA repeats ...

Is there a way to prevent this from happening? Perhaps some way to set the max length for this hidden input or some other technique that we can utilize to mitigate this vulnerability?

We are using Telerik RadControls for ASP.NET Ajax.

For reference, there is another thread related to this topic (i.e., ClientState hidden field) where my colleague posted a similar question but received no response - http://www.telerik.com/forums/what-is-clientstate-input-hidden-for

Hello

we have an application that needs to be put behind a reverse proxy for security reasons. The URLs in the app all need to point to the reverse proxy URLs. However, the URLs for web resources and the dynamically generated JavaScript URLs point to the backend server, so a lot of functionality is broken. We have no possibility to modify reverse proxy rules.

Is there any way to modify or rewrite  the dynamically generated URLs and the web resource URLs ? We tried intervening the page rendering, some stuff works, but a lot of other things do not.

Thanks! 

Hi,

I isolated this script to display overlay drawer but it not working properly, what am I missing?:

I checked the demo at https://demos.telerik.com/aspnet-ajax/window/examples/rendermodes/defaultcs.aspx?skin=MetroTouch with render mode set to classic in Chrome's Dev Tools > Mobile device emulator. I noticed a vertical line between the td cells in the title bar row as shown in screenshot below. I also noticed a similar issue with Metro skin in classic render mode. If I view the same in non-mobile mode in Chrome then this issue disappears. Perhaps, its some styling issue, but I could not find any CSS causing this.

It makes the title bar look non-uniform and not good in appearance.

What is causing the break among the td cells in the title bar for this case? (i.e. vertical line can be seen where the first td cell in title bar ends and then where the third td cell begins)

However, I did find a workaround solution using the  jquery code below. 

$(".RadWindow:visible").each((index, emt) => {
    $(this).find("tr.rwTitleRow td.rwTopLeft, .RadWindow tr.rwTitleRow td.rwTopRight").css("display", "none");
    $(this).find("tr.rwTitleRow td.rwTitlebar").attr("colspan", "3");
});

I have encountered a niche issue I'm trying to solve. I have a grid with EnableViewState set to false. Based on this, the control state within the grid is used to manage things like sort expressions.

My issue is simply this:

1. Page load
2. Programmatically add columns to a grid
3. On the UI, sort on a column, and its name for example is 'My Column', this becomes 'My Column ASC'
4. On our app are objects in which its name we can add as a column to the same grid
5. Somewhere in our app I rename the object's name to something else like 'My New Column' - note the sort expression is still 'My Column ASC'
6. Back to the grid, I cause a postback (e.g., rebind) or reorder a column, or sort, etc.
7. The columns need to be re-added (I've covered a case to exclude the column with the old name)
8. Before columns are added again, I manually clear sort expressions on the grid
9. While debugging, I found that in the ColumnCreated event, the grid sort expressions restore to what they were before the postback, and I see 'My Column ASC' - I find that whenever adding a SortExpression referencing a non-existing column, the program always breaks

I debugged against a few events of the grid and found that in ColumnCreated (after NeedDataSource) the grid restored its sort expressions from what I presume is the control state. So, this was between NeedDataSource and ColumnCreated.

When exactly did the sort expressions get restored, and is there an event I can listen to?

Good morning once again.

Today I am trying to apply an image to the RadImageButton, however only the Text is showing, never the image.  Not sure what the issue is.

Note: there is no code behind for this button yet, its just static for testing purposes. 

<telerik:RadImageButton ID="RadImageButton1" runat="server" Text="Cat II/III" Width="50px" Height="50px">
            <Image Url="Content/Images/Cat3.png" />
        </telerik:RadImageButton>

Hello

I have several RadGrids with custom css applied to the columns.  Everything works as intended.  However, when a column is sorted, telerik applied the .rgSorted css and this completely defeats the purpose of the gird (in our application).  What is the procedure to DISABLE or DELETE the .rgSorted css, as this particular class will never be needed or used. 

Note: any css class definition with !important cannot be used in this context.

Thank you

I'm experiencing an issue where the page becomes unresponsive for a long time whenever any Telerik control (such as refresh or loader) is triggered. The page keeps loading indefinitely, causing significant delays, and eventually, the page becomes unresponsive.

Additionally, the following error appears in the browser console:

Uncaught Sys.WebForms.PageRequestManagerTimeoutException: Sys.WebForms.PageRequestManagerTimeoutException: The server request timed out.
at Error.create (https://test.plc.com/GS/Telerik.Web.UI.WebResource.axd?...:6:2736)
at Sys.WebForms.PageRequestManager._createPageRequestManagerTimeoutError (https://wpinhouse.knpc.com/GPCS/Telerik.Web.UI.WebResource.axd?...:15:11219)
at Sys.WebForms.PageRequestManager._onFormSubmitCompleted (https://wpinhouse.knpc.com/GPCS/Telerik.Web.UI.WebResource.axd?...:15:11219)

The issue arises when interacting with Telerik controls that trigger a page request, causing the page to hang and ultimately become unresponsive.

issue started from Feb 17 2025

I am getting error "You are trying to navigate to a non-existing folder or you do not have proper permissions to view this folder.
Please, contact the administrator." in my production environment. It is happening randomly. 

Thanks.