Telerik Forums
UI for ASP.NET MVC Forum
1 answer
372 views

I have a question about the jQuery version that is bundled with Kendo UI. According to what I've read, there were several vulnerabilities in jQuery that were patched in later jQuery releases (CVE-2020-11022, CVE-2020-11023, CVE-2015-9251, CVE-2019-11358). Do these vulnerabilities exist in the jquery.min.js file that is included with the product download?

I saw a post here that said it was fixed for the ASP.NET AJAX version: https://www.telerik.com/forums/bundled-jquery-library-version-1-12-4-is-vulnerable

Did the MVC version also get this fix or was that just for ASP.NET AJAX?

I'm not sure if I should have posted this here or in the Kendo UI for jQuery forum, because we use the MVC helper and the jQuery syntax for creating widgets.

 

Ivan Danchev
Telerik team
 answered on 01 Sep 2023
0 answers
30 views
I am trying to create nested ListViews but am getting an error in the console at the .Name of the nested ListView. I faced a similar issue while creating nested grids.

Error in console:

jquery.min.js:2 Uncaught Error: Syntax error, unrecognized expression: #inner#=id#
    at fa.error (jquery.min.js:2:12750)
    at fa.tokenize (jquery.min.js:2:18803)
    at fa.select (jquery.min.js:2:21611)
    at Function.fa [as find] (jquery.min.js:2:7337)
    at n.fn.init.find (jquery.min.js:2:24126)
    at new n.fn.init (jquery.min.js:2:24693)
    at n (jquery.min.js:2:406)
    at HTMLDocument.<anonymous> (NCRFgfUserScreen:1138:3929)
    at i (jquery.min.js:2:27466)
    at Object.fireWith [as resolveWith] (jquery.min.js:2:28230)
fa.error @ jquery.min.js:2
fa.tokenize @ jquery.min.js:2
fa.select @ jquery.min.js:2
fa @ jquery.min.js:2
find @ jquery.min.js:2
n.fn.init @ jquery.min.js:2
n @ jquery.min.js:2
(anonymous) @ NCRFgfUserScreen:1138
i @ jquery.min.js:2
fireWith @ jquery.min.js:2
ready @ jquery.min.js:2
K @ jquery.min.js:2

Below is my code.

<div id="Lots">
    @(Html.Kendo().ListView<Fellowship.Models.NCRPlantLot>()
    .Name("outerListView") // Use a unique name for the outer ListView
    .TagName("div")
    .Deferred()
    .DataSource(dataSource => dataSource
        .PageSize(8)
        .Model(model => {
            model.Id(p => p.id);
            model.Field(p => p.lot_number);
            model.Field(p => p.po_number);
            model.Field(p => p.quantity_affected);
            model.Field(p => p.quantityReturn_to_supplier);
        })
        .Create(create => create.Action("Editing_Create", "NCRData"))

        .Read(read => read.Action("ExampleData", "NCRData", new { id = "#=id#" }))
        .Update(update => update.Action("ExampleData", "NCRData"))
        .Destroy(destroy => destroy.Action("ExampleData", "NCRData"))

    )
    .Pageable()
    .ClientTemplateId("template") // Replace "template" with the ID of the template for the outer ListView
    .Editable()
)
    <!-- Template for Outer ListView (template) -->
    <script type="text/x-kendo-tmpl" id="template" nonce="@Application_Nonce">
    <div class="lot-view k-widget">
                <div class="task">
            @(Html.Kendo().ListView<Fellowship.Models.NCRPoDetails>()
                .Name("inner#=id#") // Use the generated unique identifier for each inner ListView
                .TagName("div")
                .Deferred()
                .DataSource(dataSource => dataSource
                    .PageSize(5)
                    .Read(read => read.Action("ExampleData2", "NCRData"))
                    .Model(model => {
                        model.Id(p => p.id);
                        model.Field(p => p.PO_Number);
                        model.Field(p => p.quantity);
                    })
                )
                .Pageable()
                .ClientTemplateId("inner") // Replace "template2" with the ID of the template for the inner ListView (if you haven't changed the ID, it should be fine as is)
                .Editable()

            )

        </div>
        <dl>
            <dt>Lot Number</dt>
            <dd>#:lot_number#</dd>
            <dt>Po Number</dt>
            <dd>
                # if (data.po_number && data.po_number.length > 0) { #
                    <p>#:data.po_number.join(', ')#</p>
                # } else { #
                    <p>No PO numbers available</p>
                # } #
            </dd>
            <dt>Quantity affected</dt>
            <dd>#:quantity_affected#</dd>
            <dt>quantityReturn_to_supplier</dt>
            <dd>#:quantityReturn_to_supplier#</dd>
        </dl>
        <div class="edit-buttons">
            <a role="button" class="k-button k-button-solid-base k-button-solid k-button-md k-rounded-md k-delete-button" href="\\#"><span class="k-button-icon k-icon k-i-close"></span></a>
            <a role="button" class="k-button k-button-solid-base k-button-solid k-button-md k-rounded-md k-edit-button" href="\\#"><span class="k-button-icon k-icon k-i-edit"></span></a>
        </div>

        <!-- Nested ListView (inner ListView) -->



        </div>

    </div>
    </script>
    <script nonce="@Application_Nonce">

    </script>
    <!-- Template for Inner ListView (template2) -->
    <script type="text/x-kendo-tmpl" id="inner" nonce="@Application_Nonce">
        <div class="inner-lot-view ">
            <dl>
                <dt>Lot Number</dt>
                <dt>Po Number</dt>
                <dd>
                    jn kj k.,m m,nklm.
                </dd>
                <dt>Quantity affected</dt>
            </dl>
            <div class="edit-buttons">
                <a role="button" class="k-button k-button-solid-base k-button-solid k-button-md k-rounded-md k-delete-button" href="\\#"><span class="k-button-icon k-icon k-i-close"></span></a>
                <a role="button" class="k-button k-button-solid-base k-button-solid k-button-md k-rounded-md k-edit-button" href="\\#"><span class="k-button-icon k-icon k-i-edit"></span></a>
            </div>
        </div>
    </script>




</div>
<div class="form-group row">
    @*<a id="add-new-button" role="button" class="k-button k-button-solid-base k-button-solid k-button-md k-rounded-md k-add-button" href="#"><span class="k-button-icon k-icon k-i-add"></span>Add new record</a>*@

    <button id="add-new-button" type="button" class="btn btn-primary k-add-button" style=" width: 10%; height: 1.5em;"> Add Lot</button>
</div>
Rachit
Top achievements
Rank 1
 updated question on 01 Aug 2023
0 answers
60 views

Hi all,

Due to my age (hmm, it sounded like a good excuse at least) I've been clawing myself to the WebForms paradigm for far too long and have decided to take the leap to ASP.NET MVC (Core and Blazor would be fun, but unfortunately many of the hosting services I have to work with don't support them yet).

One question that struck me though is regarding security and authentication?

How does one make sure that the calls, for instance the .Read, .Update or .Destroy on the Kendo UI Grid, are only accessible if a user is logged on?

Johannes
Top achievements
Rank 2
 updated question on 04 Sep 2022
0 answers
236 views

I am currently implementing Kendo UI for ASP.Net MVC.

My application has detected a vulnerability with the latest version of jQuery, so there is no version to move to in order to resolve this vulnerability.

As Kendo comes with jQuery in the package, is there work ongoing with the jQuery community to fix this issue?

Paul
Top achievements
Rank 1
 asked on 22 Jun 2022
0 answers
1.1K+ views

During security testing of the application with the OWASP ZAP tool, a Medium risk level issue, 'Absence of Anti-csrf Token', in kendo.all.min.js is popping up.

I even tried to upgrade kendo.all.min.js from the 2021 version to the latest 2022 version.

Are there any ways to resolve it?

Pranali
Top achievements
Rank 1
 asked on 24 Mar 2022
1 answer
121 views

A security scan caught security vulnerabilities in several JavaScript files included with ASP.NET MVC version 2021.3.1109:

[1] kendo 2021.3.1109 kendo.dataviz.map.min.js

"The application's tileTitle:this._tileTitle}},wrapIndex:function embeds untrusted data in the generated output with location, at line 26"

[2] kendo 2021.3.1109 kendo.data.min.js

"The application's e},destroyed:function embeds untrusted data in the generated output with wrapAll, at line 26"

[3] kendo 2021.3.1109 kendo.aspnetmvc.min.js

"The application's !function embeds untrusted data in the generated output with href, at line 25"

[4] kendo 2021.3.1109 kendo.mobile.min.js

"The application's r.rightElement=n embeds untrusted data in the generated output with inArray, at line 35"

Can I safely exclude these files from my project?

Thanks.

Georgi
Telerik team
 updated answer on 06 Jan 2022
1 answer
97 views

Hello,

We are using the Content-Security-Policy in our ASP.NET MVC application and also using the Kendo UI controls.

Here are the details of the Content-Security-Policy:

 

<customHeaders>
  <add name="Content-Security-Policy" value="default-src https:;
object-src 'none';
script-src 'self' 'unsafe-eval' 'nonce-03148CFC65E74341814490514E0CEDD8';
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data:;
font-src 'self' https://fonts.gstatic.com;
connect-src 'self' https://api.zoomcharts-cloud.com;
form-action 'self';"></add>
</customHeaders>

The application runs as expected until we remove "unsafe-eval" from "script-src"; after that, the web page throws the error below:

 

Note:

 

Please help us out.

Thanks & Regards

Raju Chauhan

Anton Mironov
Telerik team
 answered on 22 Dec 2021