Hi,
How we can hide the version of Telerik currently installed from the HTML source?
We don't want to show this information at client side to prevent the hackers can use vunerabilities known in the version we used/installed in our applications.
If we check the HTML source, we see the following:
- <!-- 2018.2.710.45 -->
- Telerik.Web.UI%2c+Version%3d2018.2.710.45 in Telerik.Web.UI.WebResource.axd
13 Answers, 1 is accepted
All you need to hide the version from the generated markup is to set the
<add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>
attribute in the web.config file.
The Telerik.ScriptManager.EnableHandlerEncryption—lets you enable the Telerik WebResource request querystring encryption. You can read more about this feature in the Encrypt Telerik WebResource Querystring article.
Best regards,
Rumen
Progress Telerik
Rank 2
Hi,
Very much thanks for your answer, it indeed did hide the versions.
But it causes some strange javascript errors en breaks the functionality on my application.
Uncaught TypeError: Cannot read property 'apply' of null at Function.Type.callBaseMethod () at c.RadMenuItem._createChildControls () at c.RadMenuItem._ensureChildControls () at c.RadMenuItem._getChildren () at c.RadMenuItem.get_items () at c.RadMenuItem._shouldOpen () at c.RadMenu._onItemMouseOver () at Telerik.Web.UI.EventMap._onDomEvent () at HTMLDivElement.<anonymous> () at HTMLDivElement.b ()It seems happen when:
- Opening first RadWindow and close it (with ajax postback in parent page)
- Opening second RadWindow and close it (without postback)
- JS error thrown, radmenu not working anymore
I'm using jQuery 3.3.1 but it don't matter of i re-enable the embedded jQuery, the error still happen.
Configured the following in my web.config:
<add key="Telerik.Skin" value="Windows7"/> <add key="Telerik.ScriptManager.EnableEmbeddedjQuery" value="false"/> <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="xx"/> <add key="Telerik.Upload.ConfigurationHashKey" value="xx"/> <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="xx"/> <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="false" /> <add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/> <add key="Telerik.Web.DisableCloudUploadHandler" value="true" />
When i disable the EnableHandlerEncryption config, it works as expected again.
Known issue??
Kind regards,
Jelle
Rank 2
I tried to reproduce the problem with the provided information but without success.
Can you please test with the latest R3 2018 version, we released yesterday?
If the problem still persists, would you mind to provide a reproduction sample project where we can examine the issue?
Best regards,
Rumen
Progress Telerik
For anyone else having a similar issue, here are a few pointers from the private ticket we have been investigating this in.
If the goal is to remove the Telerik controls version from the page, the easiest way to do that is to create a custom local CDN on the web application server: https://docs.telerik.com/devtools/aspnet-ajax/controls/scriptmanager/cdn-support/custom-cdn-provider. This is actually likely to improve caching over the usage of webresources for your end users.
Another alternative is to remove the RadScriptManager. If you keep the url encryption key in the web.config, the HTML comment the first Telerik control renders on the page with its version will be omitted. The URLs of the standard handlers also do not contain versions.
There seems to be a problem in a peculiar scenario as well, you can monitor it here.
Regards,
Marin Bratanov
Progress Telerik
Rank 1
Hello
I have tried to add in webconfig as suggested and it was encrypted for partially.
still showing version and token key in loadhandler function. Can u please help to suggest how should I encrypted.
Hi Mu,
Can you please upgrade to R3 2020 SP1 (version 2020.3.1021) and test again?
This version contains the following improvement:
StyleSheetManager
FIXED
Hide Product Version when RadStyleSheetManager is on the page and EnableHandlerEncryption enabled
If the problem still persists, please provide a screenshot of the problem and your web.config configuration.
Regards,
Rumen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
Thanks much
It is working with new version.
Thank you for checking and confirming that everything is fine!
Best Regards,
Rumen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
Hello Rumen
After applied the EnableHandlerEncrytpion, facing some memory leak issue.
Notice that RuntimeMethodHandle and HttpResponseUnmanagedBufferElement is keep increasing.
Kindly advise .
thanks
Hi Mu,
Can you please perform the exact same memory test with the old version to ensure that it is indeed something new? You can also test with a brand new project with one or two Telerik AJAX controls on the page to see if there is also any differences.
Please also provide detailed steps on how to reproduce the problem so that we can replicate it locally.
Best Regards,
Rumen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
Yes. We have tested with before and after changes in web.config for encryption.
And there is not found below object in before changes in config. We can found that object in after changes.
system.web.httpresponseUnmanagedBufferElement
step 1. Before change in web.config and run the application and take dump
Step 2. after change in web.config and run the application and take dump
And compare those 2 dumps. Both are using same telerik version and difference is only changes in web.config
Telerik.scriptManager.enableHandlerEncryption = true / false
Hi Mu,
My request was to test with the old version of Telerik.Web.UI.dll used before the upgrade to see whether the memory leak is caused by the StyleSheetManager fix in version R3 2020 SP1 (version 2020.3.1021).
The second request was to test with a new blank project with one or two UI components in it to see if there is still a memory leak.
Do you get this system.web.httpresponseUnmanagedBufferElement from a stack trace of the error (for example like or similar to the one discussed in this forum) or it is something else? Please provide the whole information of your test plus a simple working project which demo the memory leaking issue.
Thank you for your assistance on this matter!
Regards,
Rumen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
hi, is there a minimum version of tekerik Web UI i need to use this attribute?
thanks!
The EnableHandlerEncryption setting was introduced in Q3 2015. So this is the minimal version you need to take advantage of it. Please note that we recommend upgrading to at least R1 2020 (version 2020.1.114) to prevent your app(s) from the known vulnerabilities in the earlier versions as explained in this article.