Telerik Forums
UI for ASP.NET AJAX Forum
2 answers
1.8K+ views

On my OWASP ZAP scans of our app (which uses asp.ajax controls 2021.3), I get the following warning (see below).

Could you please advise whether there's any plans to update the embedded jquery library to the latest?

 

Medium (Medium) Vulnerable JS Library
Description

The identified library jquery, version 1.12.4 is vulnerable.

URL: https://test.xxxxx.com/Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=%3B%3BSystem.Web.Extensions%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e35%3Aen-GB%3Aba1d5018-bf9d-4762-82f6-06087a49b5f6%3Aea597d4b%3Ab25378d2%3BTelerik.Web.UI%2C%20Version%3D2021.3.914.45%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D121fae78165ba3d4%3Aen-GB%3Abd4f5d20-e2f4-41b1-99ef-02ee4a064af0%3A16e4e7cd%3Af7645509%3Aed16cbdc%3A88144a7a%3A33715776%3A24ee1bba%3A6d43f6d9%3Ac128760b%3A874f8ea2%3A19620875%3Ac172ae1e%3Af46195d3%3A9cdfc6e7%3Ae330518b%3A2003d0b8%3A1e771326%3Ac8618e41%3Ae4f8f289%3A1a73651d%3A16d8629e&_TSM_HiddenField_=RadScriptManager1_TSM&compress=1
Method: GET
Evidence: /*! jQuery v1.12.4
Instances: 1
Solution

Please upgrade to the latest version of jquery.

Other information

CVE-2020-11023

CVE-2020-11022

CVE-2015-9251

CVE-2019-11358

Reference

https://github.com/jquery/jquery/issues/2432

http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

http://research.insecurelabs.org/jquery/test/

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

https://nvd.nist.gov/vuln/detail/CVE-2015-9251

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

https://bugs.jquery.com/ticket/11974

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

CWE Id: 829
Source ID: 3

 

Rumen
Telerik team
 answered on 24 Sep 2024
1 answer
88 views

For RadGrid, after setting EnableKeyboardShortcuts to false, I find the Up/Down keys are also disabled. However, according to your online document below, the Up/Down keys shouldn't be disabled in this case. Do you have the issue?

 

"To enable this feature you have to set the ClientSettings -> AllowKeyboardNavigation property of the grid to true (its default value is false). The grid also features an additional property ClientSettings -> KeyboardNavigationSettings -> EnableKeyboardShortcuts which when set to false will disable all keyboard navigation shortcuts except for the Up/Down and Page Up/Page Down keys. This is done with a view to facilitating the developer if he intends to implement his own scenario if the above-listed keys (with the exceptions mentioned) have been pressed."

Attila Antal
Telerik team
 answered on 18 Sep 2024
1 answer
57 views

I think I've found a bug in the Grid when in batch edit mode. I have created the following grid:


        <telerik:RadGrid ID="grdFees" runat="server" AutoGenerateColumns="False" GridLines="None"
            AllowSorting="False"  Height="310px"
            OnNeedDataSource="grdFees_NeedDataSource"
            OnPreRender="grdFees_PreRender" 
            OnItemDataBound="grdFees_ItemDataBound">
        <MasterTableView CellPadding="4" CommandItemDisplay="Top" EditMode="Batch" DataKeyNames="FeeTypeId, CurrencyCode, ShowCurrencyCode, Paid" ClientDataKeyNames="Paid,ShowCurrencyCode">
            <CommandItemSettings ShowExportToWordButton="false" ShowExportToExcelButton="false"
                ShowExportToCsvButton="false" ShowExportToPdfButton="false" ShowRefreshButton="false"
                ShowAddNewRecordButton="false" />
            <BatchEditingSettings EditType="Row" HighlightDeletedRows="true" OpenEditingEvent="Click" />
            <Columns>
                <telerik:GridBoundColumn UniqueName="Name" DataField="Name" HeaderStyle-Width="100px" ReadOnly="True" />

                <telerik:GridNumericColumn UniqueName="Amount" DataField="Amount" HeaderStyle-Width="70px" HeaderText="Amount" DecimalDigits="3"  />

                <telerik:GridTemplateColumn UniqueName="CurrencyCode" DataField="CurrencyCode" HeaderText="Currency Code" DefaultInsertValue="GBP" HeaderStyle-Width="60px">
                    <ItemTemplate>
                        <%# Eval("CurrencyCode") %>
                    </ItemTemplate>
                    <EditItemTemplate>
                        <telerik:RadComboBox RenderMode="Lightweight" runat="server" ID="CurrencyCodeDropDown" DataValueField="CurrencyCode"
                            DataTextField="CurrencyCode" MarkFirstMatch="true" AllowCustomText="true" >
                        </telerik:RadComboBox>
                    </EditItemTemplate>
                </telerik:GridTemplateColumn>

                <telerik:GridCheckBoxColumn UniqueName="Paid" DataField="Paid" HeaderStyle-Width="20px" HeaderText="Paid" SortExpression="Paid" ReadOnly="true" />

                <telerik:GridBoundColumn UniqueName="PaidDate" DataField="PaidDate" HeaderText="Paid Date" HeaderStyle-Width="100px" ReadOnly="True" 
                    DataFormatString="{0:yyyy-MM-dd HH:mm:ss}" />
            </Columns>
        </MasterTableView>
        <ClientSettings>
            <Scrolling AllowScroll="True" UseStaticHeaders="True" />
            <ClientEvents OnBatchEditOpening="onBatchEditOpening" />
        </ClientSettings>
    </telerik:RadGrid>

with the javascript;


        function onBatchEditOpening(sender, args)
        {
            var row = args.get_row();
            var grid = $find("<%=grdFees.ClientID %>");
            var masterTable = grid.get_masterTableView();
            var rows = masterTable.get_dataItems();

            var isPaid = rows[row.sectionRowIndex].getDataKeyValue("Paid");

            if (isPaid === "True")
            {
                // prevent any editing on paid fees
                args.set_cancel("true");
                return;
            }

            var showCC = rows[row.sectionRowIndex].getDataKeyValue("ShowCurrencyCode");
            if (showCC === "False" && args.get_columnUniqueName() == "CurrencyCode")
            {
                // do not show Currency Code drop down menu
                args.set_cancel("true");
            }
   
        }

I want to prevent the RadComboBox from appearing if a value in the dataset is false. The good news is that it works. The bad news is after clicking on a row where showCC is false, the rest of the grid becomes unresponsive.

The grid comes back to life after clicking on Cancel Changes.

Is this a bug?

Vasko
Telerik team
 answered on 16 Sep 2024
1 answer
61 views

Hi Telerik Team,

I have an appointment with start time as 11 Sep 24 11:00 PM and ends at 12 Sep 24 3:00 AM ( tooltip shows the correct start time and end time supplied). The start time displays wrongly with a right arrow. Also it varies as the resolution changes. Please find the below images. 

 

Please provide a resolution for the issue. I need to show the start time as 11 PM and should not change while resolution change.

NOTE:  It displays the End time correctly even with different resolutions.

Thanks

Sathyendranath

 

Sathyendranath
 answered on 12 Sep 2024
1 answer
85 views
I have data called BookedHours and it is hours that are booked in a day.

Each day's booked hours is totaled from another field called WorkType.

For example, today there are 40 booked hours, 8 of which are vacation, 16 are labor, and 16 are holiday.

I want to have a column that displays the total 40 booked hours in the day, but I want the stacked columns to display the data split up. Following the same example above, 8 hours of the column for today is vacation (colored red), 16 hours stacked on top of that in the same column is labor (colored blue), etc...

I have tried sooo much to get this to work and I can't figure out a way to group the data into a column like that. Here is the HTML code I have:


                                        <telerik:RadHtmlChart ID="RadHtmlChartInstall" runat="server" DataSourceID="odsChart1">
                                            <PlotArea>
                                                <Series>
                                                    <telerik:ColumnSeries DataFieldY="BookedHours" GroupName="WorkType" Stacked="true">
                                                        <LabelsAppearance Visible="false"></LabelsAppearance>
                                                    </telerik:ColumnSeries>
                                                </Series>
                                                <XAxis DataLabelsField="Day">
                                                    <TitleAppearance Text="Day">
                                                        <TextStyle Margin="5" Color="Black" Bold="true" />
                                                    </TitleAppearance>
                                                    <MajorGridLines Visible="false" />
                                                    <MinorGridLines Visible="false" />
                                                    <LabelsAppearance RotationAngle="270" Color="Black" />
                                                </XAxis>
                                                <YAxis>
                                                    <TitleAppearance Text="Booking Time">
                                                        <TextStyle Margin="5" Color="Black" Bold="true" />
                                                    </TitleAppearance>
                                                    <MinorGridLines Visible="false" />
                                                    <LabelsAppearance>
                                                        <TextStyle Margin="3" Color="Black" />
                                                    </LabelsAppearance>
                                                </YAxis>
                                            </PlotArea>
                                            <Legend>
                                                <Appearance Position="Bottom">
                                                    <TextStyle Color="Black" />
                                                </Appearance>
                                            </Legend>
                                        </telerik:RadHtmlChart>

Thanks!
Rumen
Telerik team
 answered on 11 Sep 2024
1 answer
68 views

I would like to use the Grid in batch editing mode in a very similar layout to the https://demos.telerik.com/aspnet-ajax/grid/examples/data-editing/batch-editing/defaultcs.aspx example. But I need to load the RadDropDownList from the .cs. I cannot map an asp:SqlDataSource to the nested control.

Please can someone provide me with an example.

TIA.

Rumen
Telerik team
 answered on 10 Sep 2024
1 answer
63 views
We have one functionality where we add search text in RadAutoComplete, and on the basis of the entered text the "Treelist" refreshes its data. But the issue is that when we put the cursor in RadAutoComplete and press Ctrl+A, the first time it highlights the text in RadAutoComplete, and when we press Ctrl+A a second time the cursor goes off and it selects entries from the Treelist. So how can I handle Ctrl+A for RadAutoComplete so that it holds the cursor and highlights the text?
Rumen
Telerik team
 answered on 09 Sep 2024
2 answers
137 views

Hi,

Is it possible to add cell comments?  This is helpful to give users understanding of the cell values.

Thanks,

Tim

Rumen
Telerik team
 answered on 03 Sep 2024
8 answers
493 views

Hi Telerik team,

Some of our customers are experiencing span or br tags being added into the HTML when they are backspacing to adjust space or combine paragraphs. It happens on Chrome and Firefox browsers only ( please see attachments for HTML ).

Chrome browser:
A span tag is added automatically if you use the backspace key to combine paragraphs: “<span style="???;">”, where the style can be background color, font size or letter spacing. We cannot reproduce it on the Telerik demo site.

Firefox browser:
If you combine the last paragraph, <br class="t-last-br" /> will be added in the paragraph element. This issue can be reproduced on the Telerik demo site too.

We tried a few things but we still cannot solve it.
   1. We tried version 2020.2.617.40 and 2020.3.1021
   2. Set rendermode to classic or lightweight
   3. Force to clear all Editor css files ( radEditor.CssFiles.Clear() );
   4. Changed new line mode to P, BR and div

 

Please advise if there is a solution for it!

Thanks in advance,

 

Lan

Rumen
Telerik team
 answered on 02 Sep 2024
2 answers
78 views

Hi,

 

How can I let the RadSearchbox button act as the DefaultButton in an asp:Panel?

So that when ENTER is given no other buttons on the page are triggered?

 

Marc

 

Rumen
Telerik team
 answered on 30 Aug 2024