Invalid Client Template after upgrading the Kendo UI ASP.NET MVC version from 2021.3.1109 to 2023.2.718

2 Answers 267 Views
Grid
Kumar
Top achievements
Rank 1
Kumar asked on 11 Aug 2023, 02:43 PM | edited on 11 Aug 2023, 02:44 PM

After upgrading the Kendo UI Asp.net MVC version from 2021 to 2023 in our application, we are getting an error saying "Invalid template" . It looks like there is an error in client template. Please let me know if there is anything to update in client template code.

 Html.Kendo().Grid<Report>()
                .Name("ReportsGrid")
                .Columns(columns =>
                {
                columns
                    .Bound(r => r.Name);

                columns
                    .Template(@<Text></Text>)
                               .ClientTemplate(string.Format("<a class='k-button' href='{0}?reportPath=#= ReportPath #' target='_blank'>Open Report</a>", Url.Action("OpenReport", "Report")));
                })

 

Error - Invalid template:'<a class='k-button' href='/Report/OpenReport?reportPath=#= ReportPath #' target='_blank'>Open Report</a>' Generated code:'var $kendoOutput, $kendoHtmlEncode = kendo.htmlEncode;with(data){$kendoOutput='<a class=\'k-button\' href=\'/Report/OpenReport?reportPath='+( ReportPath )+'\' target=\'_blank\'>Open Report</a>';}return $kendoOutput;

2 Answers, 1 is accepted

Sort by
0
Vasko
Telerik team
answered on 16 Aug 2023, 01:32 PM

Hello Kumar,

I've tested this particular scenario in a sample project and it works without throwing an exception. The value of the href attribute could be problematic, if it contains the '#' symbol. The thing with the .CustomTemplate() method is that it expects template syntax, and the syntax itself has some rules for what can be passed into it, so special symbols (like # for example) don't work, unless they are part of the template syntax. For example, this is valid: #= ReportPath # , however, if the value of ReportPath contains another '#' symbol, this will break the template.

My advice would be to check this ReportPath string you are trying to access and see if it has special characters and try to change them, so that it counts as a valid URL to be accessed. Hope this helps you out, feel free to ask us if you have any more questions.

Best regards,
Vasko
Progress Telerik

Stay tuned by visiting our public roadmap and feedback portal pages. If you're new to the Telerik family, be sure to check out our getting started resources, as well as the only REPL playground for creating, saving, running, and sharing server-side code.

Kumar
Top achievements
Rank 1
commented on 16 Aug 2023, 02:52 PM

Hi Vasko,

Thank you for your response. I've also raised a ticket - 1619805 for this one. Please see my latest comments for this issue. 

 "After troubleshooting the issue, we came to know this was due to removing the "CSP value 'unsafe-eval'

After adding the CSP value 'unsafe-eval' it's working.

<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-eval' 'nonce-kendoInlineScript'" />

However, in latest release as there are csp improvements, therefore we've removed the 'unsafe-eval'.

I've tried this link after removing unsafe-eval, but still no luck and throwing the above error.

Other Reference link prior to 2021 version. We manage to remove the 'unsafe-inline' by following the below link

https://www.telerik.com/forums/csp-after-applying-script-src-self-kendo-control-doesn-t-work"

Please let me know if there are any changes to make this one work without using 'unsafe-eval' 

Thanks

0
Vasko
Telerik team
answered on 16 Aug 2023, 05:02 PM

Hi Kumar,

I just saw the support ticket you've raised and as things go, it should be better off to continue the discussion there, so that you don't get to see 2 different people answer on different places and give you 2 different solutions.

 

Kind regards,
Vasko
Progress Telerik

Stay tuned by visiting our public roadmap and feedback portal pages. If you're new to the Telerik family, be sure to check out our getting started resources, as well as the only REPL playground for creating, saving, running, and sharing server-side code.

Tags
Grid
Asked by
Kumar
Top achievements
Rank 1
Answers by
Vasko
Telerik team
Share this question
or