or
1 answer
111 views
Hi,
We are facing a vulnerability (Missing XML Validation) in Ajaxtoolkit form (Animation.cs) that the input source is not been validated properly,which was identified by HPFortify tool.
We are using the Version 3.5.60501.0
Is any new version has come to overcome this issue?
If not, could you please give me a solution for this?
The below code is for you reference.
private static int GetNumber(string source, string tag)
{
using (XmlTextReader reader = new XmlTextReader(new StringReader(source)))
{
if (reader.Read())
{
while (reader.Read())
{
if (string.Compare(reader.Name, tag, StringComparison.OrdinalIgnoreCase) == 0)
return reader.LineNumber;
if (reader.NodeType == XmlNodeType.Element && !reader.IsEmptyElement)
reader.Skip();
}
}
}
return 1;
}
HP Fortify Error Description:
The method GetNumber() in Animation.cs fails to enable validation before using XML on line 238, which gives an attacker the opportunity to supply malicious input.
Appreciate your help!
Thanks,
Jeyachandran S
We are facing a vulnerability (Missing XML Validation) in Ajaxtoolkit form (Animation.cs) that the input source is not been validated properly,which was identified by HPFortify tool.
We are using the Version 3.5.60501.0
Is any new version has come to overcome this issue?
If not, could you please give me a solution for this?
The below code is for you reference.
private static int GetNumber(string source, string tag)
{
using (XmlTextReader reader = new XmlTextReader(new StringReader(source)))
{
if (reader.Read())
{
while (reader.Read())
{
if (string.Compare(reader.Name, tag, StringComparison.OrdinalIgnoreCase) == 0)
return reader.LineNumber;
if (reader.NodeType == XmlNodeType.Element && !reader.IsEmptyElement)
reader.Skip();
}
}
}
return 1;
}
HP Fortify Error Description:
The method GetNumber() in Animation.cs fails to enable validation before using XML on line 238, which gives an attacker the opportunity to supply malicious input.
Appreciate your help!
Thanks,
Jeyachandran S
Danail Vasilev
Telerik team
answered
on
28 Nov 2013
1 answer
136 views
Hi,
I have issue, when I click on fullscreen toggle button,
its only show me Editor only in IE
in other browsers its working fine.
I have issue, when I click on fullscreen toggle button,
its only show me Editor only in IE
in other browsers its working fine.
Ianko
Telerik team
answered
on
28 Nov 2013
2 answers
64 views
Hello .
I have an Grid In my Page and I have to use ItemTemplate ,becasue I want to create Items manually.
I have some problems in IE9 . when I use compatibilityview, Everything is Ok but when I DON'T use compatibilityview , some Cells ,will Shift to Left .
I attached SnapShots of my Problem to this threat .
Please Help me How I should solve this Problem , because I cant say to all of my site visitor That Use compatibilityview Mode, It is NOT good way.
I am Using Telerik 2013 Q1 SP1 .
I have an Grid In my Page and I have to use ItemTemplate ,becasue I want to create Items manually.
I have some problems in IE9 . when I use compatibilityview, Everything is Ok but when I DON'T use compatibilityview , some Cells ,will Shift to Left .
I attached SnapShots of my Problem to this threat .
Please Help me How I should solve this Problem , because I cant say to all of my site visitor That Use compatibilityview Mode, It is NOT good way.
I am Using Telerik 2013 Q1 SP1 .
Venelin
Telerik team
answered
on
28 Nov 2013
3 answers
100 views
I need to access some control feature like:
change dimension and text of a RadAsyncUploader button and things like this.
where do I find the documentation of the controls to get such kind of information?
thank you
Felice
change dimension and text of a RadAsyncUploader button and things like this.
where do I find the documentation of the controls to get such kind of information?
thank you
Felice
Plamen
Telerik team
answered
on
28 Nov 2013
3 answers
147 views
hi.. i'm new user for radschedular and i have questions some point.. i want to when the appointment is moved updated for database..
. js and. cs pages have only encode but I could not send my data OnClickAppointmentMoveEnd to radschedular_appointmentUpdate..
i have tried for this "schedular.updateAppointment(appointment)" but not contact to radschedular_appointmentUpdate in .cs file..
Any help would be great.
. js and. cs pages have only encode but I could not send my data OnClickAppointmentMoveEnd to radschedular_appointmentUpdate..
i have tried for this "schedular.updateAppointment(appointment)" but not contact to radschedular_appointmentUpdate in .cs file..
Any help would be great.
Plamen
Telerik team
answered
on
28 Nov 2013
1 answer
115 views
Hi guys,
How can i set different increment setting step for hour field and minute field.
I mean i would like to increment/decrease one hour when pressing up/down arrows. But i would like to increment/decrease 15 minutes when pressing up/down arrows.
Thank you for your help.
Sonia.
How can i set different increment setting step for hour field and minute field.
I mean i would like to increment/decrease one hour when pressing up/down arrows. But i would like to increment/decrease 15 minutes when pressing up/down arrows.
Thank you for your help.
Sonia.
6 answers
289 views
We're evaluating the trial version of the Telerik AJAX control suite, and we like it very much.
However, regarding the Grid we're wondering why we need to sort a column in ascending order first when we know upfront we want to sort descending.
The way it is now we need to fetch all data twice which costs extra time and is irritating as well.
Why not 2 sort arrows in the column header so we can trigger the sorting order we need right away?
However, regarding the Grid we're wondering why we need to sort a column in ascending order first when we know upfront we want to sort descending.
The way it is now we need to fetch all data twice which costs extra time and is irritating as well.
Why not 2 sort arrows in the column header so we can trigger the sorting order we need right away?
3 answers
147 views
In my grid if I set the DataKeyName field ReadOnly to "true" so it cannot be edited when I click a row to enter edit mode I get this error,
Unhandled exception at line 885, column 13 in http://localhost:59512/ScriptResource.axd?d=j9g8KwFmyomCksH8Wgu8D921e69mOXBSgcRNM_TYTpo8fsl9bB8knaOk3eJy7i5Vsb6eNonPd3OAqh2MBYPCrNV52HuzPz2Aa-oyIrtDhXd-WOK9m-TImS6nd3inJNNp1xw6jnQGAvJnKfjurTJifqmDUI5njfi6aRYOERJTLDf7VE7Tms_H7Dr6lpjgTT2J0&t=6119e399
0x800a139e - JavaScript runtime error: Sys.WebForms.PageRequestManagerServerErrorException: Value cannot be null.
Parameter name: g
If I do not set the DataKeyName field ReadOnly="true" I do not get this error, but the field is shown and editable in the edit popup.
Unhandled exception at line 885, column 13 in http://localhost:59512/ScriptResource.axd?d=j9g8KwFmyomCksH8Wgu8D921e69mOXBSgcRNM_TYTpo8fsl9bB8knaOk3eJy7i5Vsb6eNonPd3OAqh2MBYPCrNV52HuzPz2Aa-oyIrtDhXd-WOK9m-TImS6nd3inJNNp1xw6jnQGAvJnKfjurTJifqmDUI5njfi6aRYOERJTLDf7VE7Tms_H7Dr6lpjgTT2J0&t=6119e399
0x800a139e - JavaScript runtime error: Sys.WebForms.PageRequestManagerServerErrorException: Value cannot be null.
Parameter name: g
If I do not set the DataKeyName field ReadOnly="true" I do not get this error, but the field is shown and editable in the edit popup.
0 answers
89 views
Nevermind. Its totally user error.
Beth
Top achievements
Rank 1
Rank 1
asked
on
27 Nov 2013
4 answers
132 views
I have a GridTemplateColumn that has a checkbox as a item template.
How can i update a column say "ClassNo" with a value in a textbox on a button click.
Any idea or work around
Thank you
How can i update a column say "ClassNo" with a value in a textbox on a button click.
Any idea or work around
Thank you
