Hide version in HTML source

14 posts, 0 answers
  1. Erick
    Erick avatar
    81 posts
    Member since:
    Feb 2010

    Posted 04 Sep 2018 Link to this post

    Hi,

    How we can hide the version of Telerik currently installed from the HTML source?
    We don't want to show this information at client side to prevent the hackers can use vunerabilities known in the version we used/installed in our applications.

    If we check the HTML source, we see the following:
    - <!-- 2018.2.710.45 -->
    - Telerik.Web.UI%2c+Version%3d2018.2.710.45 in Telerik.Web.UI.WebResource.axd

  2. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 04 Sep 2018 Link to this post

    Hi Erick,

    All you need to hide the version from the generated markup is to set the 

      <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>

    attribute in the web.config file. 

    The Telerik.ScriptManager.EnableHandlerEncryption—lets you enable the Telerik WebResource request querystring encryption. You can read more about this feature in the Encrypt Telerik WebResource Querystring article.

    Best regards,
    Rumen
    Progress Telerik
    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
  3. Erick
    Erick avatar
    81 posts
    Member since:
    Feb 2010

    Posted 10 Sep 2018 Link to this post

    Hi,

    Very much thanks for your answer, it indeed did hide the versions.
    But it causes some strange javascript errors en breaks the functionality on my application.

    Uncaught TypeError: Cannot read property 'apply' of null
        at Function.Type.callBaseMethod ()
        at c.RadMenuItem._createChildControls ()
        at c.RadMenuItem._ensureChildControls ()
        at c.RadMenuItem._getChildren ()
        at c.RadMenuItem.get_items ()
        at c.RadMenuItem._shouldOpen ()
        at c.RadMenu._onItemMouseOver ()
        at Telerik.Web.UI.EventMap._onDomEvent ()
        at HTMLDivElement.<anonymous> ()
        at HTMLDivElement.b ()

    It seems happen when:

    - Opening first RadWindow and close it (with ajax postback in parent page)
    - Opening second RadWindow and close it (without postback)
    - JS error thrown, radmenu not working anymore

    I'm using jQuery 3.3.1 but it don't matter of i re-enable the embedded jQuery, the error still happen.

    Configured the following in my web.config:

    <add key="Telerik.Skin" value="Windows7"/>
        <add key="Telerik.ScriptManager.EnableEmbeddedjQuery" value="false"/>
        <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="xx"/>
        <add key="Telerik.Upload.ConfigurationHashKey" value="xx"/>
        <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="xx"/>
        <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="false" />
        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
        <add key="Telerik.Web.DisableCloudUploadHandler" value="true" />

     

    When i disable the EnableHandlerEncryption config, it works as expected again.

    Known issue??

    Kind regards,

    Jelle

     

     

     

  4. Erick
    Erick avatar
    81 posts
    Member since:
    Feb 2010

    Posted 10 Sep 2018 in reply to Erick Link to this post

    And i have configured the max url, querystring etc lengths as documented yet
  5. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 13 Sep 2018 Link to this post

    Hi Erick,

    I tried to reproduce the problem with the provided information but without success.

    Can you please test with the latest R3 2018 version, we released yesterday?
    If the problem still persists, would you mind to provide a reproduction sample project where we can examine the issue?

    Best regards,
    Rumen
    Progress Telerik
    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
  6. Marin Bratanov
    Admin
    Marin Bratanov avatar
    5925 posts

    Posted 03 Oct 2018 Link to this post

    Hello,

    For anyone else having a similar issue, here are a few pointers from the private ticket we have been investigating this in.

    If the goal is to remove the Telerik controls version from the page, the easiest way to do that is to create a custom local CDN on the web application server: https://docs.telerik.com/devtools/aspnet-ajax/controls/scriptmanager/cdn-support/custom-cdn-provider. This is actually likely to improve caching over the usage of webresources for your end users.

    Another alternative is to remove the RadScriptManager. If you keep the url encryption key in the web.config, the HTML comment the first Telerik control renders on the page with its version will be omitted. The URLs of the standard handlers also do not contain versions.

    There seems to be a problem in a peculiar scenario as well, you can monitor it here.


    Regards,
    Marin Bratanov
    Progress Telerik
    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
  7. mu
    mu avatar
    5 posts
    Member since:
    Sep 2010

    Posted 08 Dec 2020 in reply to Rumen Link to this post

    Hello

    I have tried to add in webconfig as suggested and it was encrypted for partially.

    still showing version and token key in loadhandler function. Can u please help to suggest how should I encrypted.

  8. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 08 Dec 2020 Link to this post

    Hi Mu,

    Can you please upgrade to R3 2020 SP1 (version 2020.3.1021) and test again?

    This version contains the following improvement:

    StyleSheetManager
    FIXED
    Hide Product Version when RadStyleSheetManager is on the page and EnableHandlerEncryption enabled

    If the problem still persists, please provide a screenshot of the problem and your web.config configuration.

     

    Regards,
    Rumen
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

  9. mu
    mu avatar
    5 posts
    Member since:
    Sep 2010

    Posted 09 Dec 2020 in reply to Rumen Link to this post

    Thanks much

    It is working with new version.

     

  10. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 09 Dec 2020 Link to this post

    Thank you for checking and confirming that everything is fine! 

    Best Regards,
    Rumen
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

  11. mu
    mu avatar
    5 posts
    Member since:
    Sep 2010

    Posted 31 Dec 2020 in reply to Rumen Link to this post

    Hello Rumen

    After applied the EnableHandlerEncrytpion, facing some memory leak issue.

    Notice that RuntimeMethodHandle  and  HttpResponseUnmanagedBufferElement is keep increasing.

    Kindly advise .

    thanks

     

  12. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 04 Jan Link to this post

    Hi Mu,

    Can you please perform the exact same memory test with the old version to ensure that it is indeed something new? You can also test with a brand new project with one or two Telerik AJAX controls on the page to see if there is also any differences.

    Please also provide detailed steps on how to reproduce the problem so that we can replicate it locally.

     

    Best Regards,
    Rumen
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

  13. mu
    mu avatar
    5 posts
    Member since:
    Sep 2010

    Posted 05 Jan in reply to Rumen Link to this post

    Yes. We have tested with before and after changes in web.config for encryption.

    And there is not found below object in before changes in config. We can found that object in after changes.

    system.web.httpresponseUnmanagedBufferElement

    step 1. Before change in web.config and run the application and take dump

    Step 2. after change in web.config and run the application and take dump

    And compare those 2 dumps. Both are using same telerik version and difference is only changes in web.config

    Telerik.scriptManager.enableHandlerEncryption = true / false

     

  14. Rumen
    Admin
    Rumen avatar
    14466 posts

    Posted 06 Jan Link to this post

    Hi Mu,

    My request was to test with the old version of Telerik.Web.UI.dll used before the upgrade to see whether the memory leak is caused by the StyleSheetManager fix in version R3 2020 SP1 (version 2020.3.1021).

    The second request was to test with a new blank project with one or two UI components in it to see if there is still a memory leak.

    Do you get this system.web.httpresponseUnmanagedBufferElement from a stack trace of the error (for example like or similar to the one discussed in this forum) or it is something else? Please provide the whole information of your test plus a simple working project which demo the memory leaking issue.

    Thank you for your assistance on this matter!

    Regards,
    Rumen
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Back to Top