This is a migrated thread and some comments may be shown as answers.

Hide version in HTML source

13 Answers 939 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Erick
Top achievements
Rank 2
Erick asked on 04 Sep 2018, 10:28 AM

Hi,

How we can hide the version of Telerik currently installed from the HTML source?
We don't want to show this information at client side to prevent the hackers can use vunerabilities known in the version we used/installed in our applications.

If we check the HTML source, we see the following:
- <!-- 2018.2.710.45 -->
- Telerik.Web.UI%2c+Version%3d2018.2.710.45 in Telerik.Web.UI.WebResource.axd

13 Answers, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 04 Sep 2018, 11:52 AM
Hi Erick,

All you need to hide the version from the generated markup is to set the 

  <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>

attribute in the web.config file. 

The Telerik.ScriptManager.EnableHandlerEncryption—lets you enable the Telerik WebResource request querystring encryption. You can read more about this feature in the Encrypt Telerik WebResource Querystring article.

Best regards,
Rumen
Progress Telerik
Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
0
Erick
Top achievements
Rank 2
answered on 10 Sep 2018, 12:14 PM

Hi,

Very much thanks for your answer, it indeed did hide the versions.
But it causes some strange javascript errors en breaks the functionality on my application.

Uncaught TypeError: Cannot read property 'apply' of null
    at Function.Type.callBaseMethod ()
    at c.RadMenuItem._createChildControls ()
    at c.RadMenuItem._ensureChildControls ()
    at c.RadMenuItem._getChildren ()
    at c.RadMenuItem.get_items ()
    at c.RadMenuItem._shouldOpen ()
    at c.RadMenu._onItemMouseOver ()
    at Telerik.Web.UI.EventMap._onDomEvent ()
    at HTMLDivElement.<anonymous> ()
    at HTMLDivElement.b ()

It seems happen when:

- Opening first RadWindow and close it (with ajax postback in parent page)
- Opening second RadWindow and close it (without postback)
- JS error thrown, radmenu not working anymore

I'm using jQuery 3.3.1 but it don't matter of i re-enable the embedded jQuery, the error still happen.

Configured the following in my web.config:

<add key="Telerik.Skin" value="Windows7"/>
    <add key="Telerik.ScriptManager.EnableEmbeddedjQuery" value="false"/>
    <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="xx"/>
    <add key="Telerik.Upload.ConfigurationHashKey" value="xx"/>
    <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="xx"/>
    <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="false" />
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
    <add key="Telerik.Web.DisableCloudUploadHandler" value="true" />

 

When i disable the EnableHandlerEncryption config, it works as expected again.

Known issue??

Kind regards,

Jelle

 

 

 

0
Erick
Top achievements
Rank 2
answered on 10 Sep 2018, 12:16 PM
And i have configured the max url, querystring etc lengths as documented yet
0
Rumen
Telerik team
answered on 13 Sep 2018, 11:55 AM
Hi Erick,

I tried to reproduce the problem with the provided information but without success.

Can you please test with the latest R3 2018 version, we released yesterday?
If the problem still persists, would you mind to provide a reproduction sample project where we can examine the issue?

Best regards,
Rumen
Progress Telerik
Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
0
Marin Bratanov
Telerik team
answered on 03 Oct 2018, 05:06 PM
Hello,

For anyone else having a similar issue, here are a few pointers from the private ticket we have been investigating this in.

If the goal is to remove the Telerik controls version from the page, the easiest way to do that is to create a custom local CDN on the web application server: https://docs.telerik.com/devtools/aspnet-ajax/controls/scriptmanager/cdn-support/custom-cdn-provider. This is actually likely to improve caching over the usage of webresources for your end users.

Another alternative is to remove the RadScriptManager. If you keep the url encryption key in the web.config, the HTML comment the first Telerik control renders on the page with its version will be omitted. The URLs of the standard handlers also do not contain versions.

There seems to be a problem in a peculiar scenario as well, you can monitor it here.


Regards,
Marin Bratanov
Progress Telerik
Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
0
mu
Top achievements
Rank 1
answered on 08 Dec 2020, 06:41 AM

Hello

I have tried to add in webconfig as suggested and it was encrypted for partially.

still showing version and token key in loadhandler function. Can u please help to suggest how should I encrypted.

0
Rumen
Telerik team
answered on 08 Dec 2020, 04:50 PM

Hi Mu,

Can you please upgrade to R3 2020 SP1 (version 2020.3.1021) and test again?

This version contains the following improvement:

StyleSheetManager
FIXED
Hide Product Version when RadStyleSheetManager is on the page and EnableHandlerEncryption enabled

If the problem still persists, please provide a screenshot of the problem and your web.config configuration.

 

Regards,
Rumen
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
mu
Top achievements
Rank 1
answered on 09 Dec 2020, 06:51 AM

Thanks much

It is working with new version.

 

0
Rumen
Telerik team
answered on 09 Dec 2020, 08:10 AM

Thank you for checking and confirming that everything is fine! 

Best Regards,
Rumen
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
mu
Top achievements
Rank 1
answered on 31 Dec 2020, 08:32 AM

Hello Rumen

After applied the EnableHandlerEncrytpion, facing some memory leak issue.

Notice that RuntimeMethodHandle  and  HttpResponseUnmanagedBufferElement is keep increasing.

Kindly advise .

thanks

 

0
Rumen
Telerik team
answered on 04 Jan 2021, 04:57 PM

Hi Mu,

Can you please perform the exact same memory test with the old version to ensure that it is indeed something new? You can also test with a brand new project with one or two Telerik AJAX controls on the page to see if there is also any differences.

Please also provide detailed steps on how to reproduce the problem so that we can replicate it locally.

 

Best Regards,
Rumen
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
mu
Top achievements
Rank 1
answered on 06 Jan 2021, 01:39 AM

Yes. We have tested with before and after changes in web.config for encryption.

And there is not found below object in before changes in config. We can found that object in after changes.

system.web.httpresponseUnmanagedBufferElement

step 1. Before change in web.config and run the application and take dump

Step 2. after change in web.config and run the application and take dump

And compare those 2 dumps. Both are using same telerik version and difference is only changes in web.config

Telerik.scriptManager.enableHandlerEncryption = true / false

 

0
Rumen
Telerik team
answered on 06 Jan 2021, 08:44 AM

Hi Mu,

My request was to test with the old version of Telerik.Web.UI.dll used before the upgrade to see whether the memory leak is caused by the StyleSheetManager fix in version R3 2020 SP1 (version 2020.3.1021).

The second request was to test with a new blank project with one or two UI components in it to see if there is still a memory leak.

Do you get this system.web.httpresponseUnmanagedBufferElement from a stack trace of the error (for example like or similar to the one discussed in this forum) or it is something else? Please provide the whole information of your test plus a simple working project which demo the memory leaking issue.

Thank you for your assistance on this matter!

Regards,
Rumen
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Brett
Top achievements
Rank 1
commented on 24 May 2023, 10:20 PM

hi, is there a minimum version of tekerik Web UI i need to use this attribute? 

thanks!

Rumen
Telerik team
commented on 25 May 2023, 07:45 AM

The EnableHandlerEncryption setting was introduced in Q3 2015. So this is the minimal version you need to take advantage of it. Please note that we recommend upgrading to at least R1 2020 (version 2020.1.114) to prevent your app(s) from the known vulnerabilities in the earlier versions as explained in this article.

Tags
General Discussions
Asked by
Erick
Top achievements
Rank 2
Answers by
Rumen
Telerik team
Erick
Top achievements
Rank 2
Marin Bratanov
Telerik team
mu
Top achievements
Rank 1
Share this question
or