Rank 1
After upgrading the Kendo UI Asp.net MVC version from 2021 to 2023 in our application, we are getting an error saying "Invalid template" . It looks like there is an error in client template. Please let me know if there is anything to update in client template code.
Html.Kendo().Grid<Report>()
.Name("ReportsGrid")
.Columns(columns =>
{
columns
.Bound(r => r.Name);
columns
.Template(@<Text></Text>)
.ClientTemplate(string.Format("<a class='k-button' href='{0}?reportPath=#= ReportPath #' target='_blank'>Open Report</a>", Url.Action("OpenReport", "Report")));
})
Error - Invalid template:'<a class='k-button' href='/Report/OpenReport?reportPath=#= ReportPath #' target='_blank'>Open Report</a>' Generated code:'var $kendoOutput, $kendoHtmlEncode = kendo.htmlEncode;with(data){$kendoOutput='<a class=\'k-button\' href=\'/Report/OpenReport?reportPath='+( ReportPath )+'\' target=\'_blank\'>Open Report</a>';}return $kendoOutput;
2 Answers, 1 is accepted
Hello Kumar,
I've tested this particular scenario in a sample project and it works without throwing an exception. The value of the href attribute could be problematic, if it contains the '#' symbol. The thing with the .CustomTemplate() method is that it expects template syntax, and the syntax itself has some rules for what can be passed into it, so special symbols (like # for example) don't work, unless they are part of the template syntax. For example, this is valid: #= ReportPath # , however, if the value of ReportPath contains another '#' symbol, this will break the template.
My advice would be to check this ReportPath string you are trying to access and see if it has special characters and try to change them, so that it counts as a valid URL to be accessed. Hope this helps you out, feel free to ask us if you have any more questions.
Best regards,
Vasko
Progress Telerik
Stay tuned by visiting our public roadmap and feedback portal pages. If you're new to the Telerik family, be sure to check out our getting started resources, as well as the only REPL playground for creating, saving, running, and sharing server-side code.
Rank 1
Hi Vasko,
Thank you for your response. I've also raised a ticket - 1619805 for this one. Please see my latest comments for this issue.
"After troubleshooting the issue, we came to know this was due to removing the "CSP value 'unsafe-eval'
After adding the CSP value 'unsafe-eval' it's working.
<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-eval' 'nonce-kendoInlineScript'" />
However, in latest release as there are csp improvements, therefore we've removed the 'unsafe-eval'.
I've tried this link after removing unsafe-eval, but still no luck and throwing the above error.
Other Reference link prior to 2021 version. We manage to remove the 'unsafe-inline' by following the below link
https://www.telerik.com/forums/csp-after-applying-script-src-self-kendo-control-doesn-t-work"
Please let me know if there are any changes to make this one work without using 'unsafe-eval'
Thanks
Hi Kumar,
I just saw the support ticket you've raised and as things go, it should be better off to continue the discussion there, so that you don't get to see 2 different people answer on different places and give you 2 different solutions.
Kind regards,
Vasko
Progress Telerik
Stay tuned by visiting our public roadmap and feedback portal pages. If you're new to the Telerik family, be sure to check out our getting started resources, as well as the only REPL playground for creating, saving, running, and sharing server-side code.