Sync with Kendo UI Professional

Author: kendo-bot

docs-aspnet/_config.yml

@@ -442,15 +442,18 @@ navigation:
      "accessibility":
         title: "Accessibility"
         position: 10
+     "security":
+        title: "Security"
+        position: 11
      "deployment":
         title: "Deployment"
-        position: 11
+        position: 12
      "integration-with-other-telerik-products":
         title: "Integration with Other Telerik Products"
-        position: 12
+        position: 13
      "cloud-integration":
         title: "Cloud Integration"
-        position: 13
+        position: 14
      "cloud-integration/amazon-web-services":
         title: "Amazon Web Services"
         position: 2
@@ -462,7 +465,7 @@ navigation:
         position: 4
      "backwards-compatibility":
         title: "Breaking Changes"
-        position: 14
+        position: 15
      "*appearance":
         title: "Appearance"
      "*/binding":

docs-aspnet/html-helpers/helper-basics/security-and-validation.md renamed to docs-aspnet/security/security-and-validation.md

@@ -1,17 +1,17 @@
 ---
-title: Security and Validation
-page_title: Security and Validation
+title: Useful Tips
+page_title: Security and Validation Useful Tips
 description: "Get started with Telerik UI for {{ site.framework }} and learn the fundamentals for XSS and CSRF attacks."
 slug: aspnetcore_security_gettingstarted
-previous_url: /getting-started/helper-basics/security-and-validation
-position: 9
+previous_url: /getting-started/helper-basics/security-and-validation, /html-helpers/helper-basics/security-and-validation
+position: 2
 ---
 
-# Security and Validation
+# Security and Validation Useful Tips
 
 Preventing Cross-site scripting (XSS) and implementing validation for Cross-Site Request Forgery(CSRF) tokens can significantly boost the security of the application and prevent malicious script execution. 
 
-## Cross-Site Scritping
+## Cross-Site Scripting
 
 ### XSS Attacks 
 

docs-aspnet/security/security-faq.md

@@ -0,0 +1,67 @@
+---
+title: FAQ
+page_title: Security FAQ
+description: "Find answers to common questions about securing {{ site.product }} components, including how to report vulnerabilities, handle third-party dependencies, and receive security fixes."
+slug: security_aspnetmvc6_aspnetmvc
+position: 3
+---
+
+# Frequently Asked Questions (FAQ)
+
+In this article, you will find essential information and resources to help you secure {{ site.product }} components. Whether you need to report vulnerabilities, manage third-party dependencies, or understand how security fixes are delivered, this FAQ provides clear guidance on our security processes. Explore best practices and learn how Progress ensures the highest level of security for its products, from vulnerability reporting to compliance with industry standards.
+
+## How can I submit a security vulnerability report?
+
+If you have identified a potential security vulnerability in a Telerik or Kendo UI product, you can report it through the following channels:
+
+- **For Progress Customers**: Submit a security report by opening a support ticket through the [Technical Support Center](https://www.telerik.com/account/support-center). Provide detailed information, including the steps to reproduce the issue and any relevant reports or screenshots.
+
+- **For Security Researchers**: Ethical hackers and security researchers can report vulnerabilities through our [Bugcrowd Vulnerability Disclosure Program](https://bugcrowd.com/engagements/whatsupgold-vdp). This platform ensures that security issues are addressed efficiently and transparently.
+
+We will review the report and follow up in line with our security processes, making every effort to resolve confirmed vulnerabilities in a timely manner.
+
+---
+
+## What if clients are using a third-party scanning tool and want our assessment?
+
+Clients can open a support ticket through the [Technical Support Center](https://www.telerik.com/account/support-center) for the respective product and submit detailed information, including scan reports (PDF/Word/Excel/Screenshot) triggered against a no-minified version of the scripts and steps to reproduce or evidence of the issue. Our team will review and respond accordingly. We treat Security Vulnerability reports with **highest priority** and we engage with our internal Security Champions for revisions.
+
+> Tip: We recommend running the scan against the latest product version, as the problem may have already been resolved. 
+
+---
+
+## What is Progress's policy on handling third-party dependencies?
+
+Progress uses leading commercial tools to automatically monitor and update third-party dependencies in our Telerik and Kendo GitHub projects. Alerts are set up for all GitHub-hosted products, and any identified vulnerable dependencies are addressed by the repository owners and our dedicated security team.
+
+Note: Our definition of "done" includes successful builds that are scanned using top security scanning tools, and the resolution of any security alerts.
+
+---
+
+## Is security integrated into the CI pipeline?
+
+Yes, for example, our CI builds are integrated with some of the leading security scanning tools to ensure that new code commits do not introduce vulnerabilities or insecure code.
+
+---
+
+## How does Progress prioritize security reports?
+
+We prioritize security vulnerability reports with the highest urgency. When we receive an inquiry or vulnerability report, we begin by analyzing the issue to determine whether it's a false positive or a valid concern. If the report is confirmed as valid, we assess its severity using the CVSS (Common Vulnerability Scoring System) and promptly release a patch based on the severity level.
+
+---
+
+## How are security fixes shipped?
+
+Security fixes are typically included in the next product release. Similar to the bug fixes policy, we maintain and commit to support the latest version of the product. That said, if you want to benefit from a security fix, you will need to upgrade to the version where the fix exists.
+
+---
+
+## How are customers notified about security fixes?
+
+Once a vulnerability is fixed, we aim to release a patched version of the product. Depending on the severity of the issue, we may notify customers through CVE publications, email, blog posts, KB articles, or Release Notes for the specific product.
+
+---
+
+## Does Progress/Telerik have any security certifications or accreditation, such as SOC 2 or other industry-recognized standards?
+
+Yes, Progress and DevTools products perform annual SOC 2 compliance, which validates our commitment to security, confidentiality, and privacy. You can find more information about our compliance on the [Progress Trust Center](https://www.progress.com/trust-center). Additionally, we align our security practices with industry-leading frameworks to maintain and continually improve our high security standards.

docs-aspnet/security/security.md

@@ -0,0 +1,85 @@
+---
+title: Overview
+page_title: Security Overview
+description: "Learn how to secure {{ site.product }} components and your web application with best practices, vulnerability reporting, and component-specific security guidelines."
+slug: security_information_aspnetmvc6_aspnetmvc
+tags: telerik, asp, net, core, asp.net, security, mvc, xss, owasp, csp
+position: 1
+---
+
+# Security
+
+In today's world, security is more critical than ever. At Progress, we prioritize our customers' security, ensuring that our products are built with a strong foundation to safeguard their data and operations. We are committed to identifying and addressing potential vulnerabilities to provide our clients with the highest level of protection and confidence in our products.
+
+## Purpose of this Article
+
+This article covers common security-related questions, best practices, and the tools and processes we use to ensure the security of our products. It also outlines how customers and security researchers can report security issues, including our processes to mitigate risks. We provide guidance for submitting security reports through technical support or Bugcrowd, ensuring a clear pathway for identifying and addressing security concerns.
+
+## Reporting Security Vulnerabilities
+
+Whether you're a customer encountering an issue or a security researcher, we have processes to ensure a swift response and evaluation. Below are the steps for Progress customers and security researchers to report potential security vulnerabilities:
+
+### For Progress Customers
+
+At Progress, we work diligently to identify and fix security vulnerabilities in our products. Customers who believe they have identified a security issue should contact Technical Support for an evaluation. This allows us to document the issue and have our engineering teams confirm and address it as needed. Customers can submit reports through our support center:
+- [Technical Support](https://www.telerik.com/account/support-center)
+- [Contact Us](https://www.telerik.com/account/support-center/contact-us/technical-support)
+
+### For Security Researchers
+
+We value the contributions of security researchers and ethical hackers. If a researcher identifies a potential vulnerability, they can submit it via our [Bugcrowd](https://bugcrowd.com/engagements/devtools-vdp) platform. We aim to meet the following response times:
+
+| Type of Response | SLO (in business days) |
+|------------------|------------------------|
+| First Response    | 7 days                 |
+| Time to Triage    | 10 days                |
+| Time to Resolution| Depends on severity    |
+
+For more information, visit:
+- [Bugcrowd Vulnerability Disclosure Program](https://bugcrowd.com/engagements/devtools-vdp)
+- [Progress Trust Center](https://www.progress.com/trust-center)
+- [Vulnerability Reporting Policy](https://www.progress.com/trust-center/vulnerability-reporting-policy)
+
+
+## What We Do to Mitigate Risk
+
+Our dedicated security team, comprised of experienced developers and security experts—our "Security Champions"—reviews all web, desktop, and mobile products technologies for potential vulnerabilities. These vulnerabilities may be internally identified, reported by third-party tools, or flagged externally.
+
+We actively manage the following strategies to mitigate risks:
+
+### Prevention
+
+Our primary goal is to prevent security issues before product delivery. We use the following prevention techniques:
+
+- **Internal Logging**: Every potential security issue is logged, researched, tested, and verified. Issues deemed valid are assessed using a CVSS score, with critical issues prioritized.
+- **Third-Party Static Analysis Testing**: We use some of the leading security scanning tools in the market to scan for vulnerabilities in our software code. Regular scans are conducted, and results are reviewed to address vulnerabilities and mitigate false positives.
+
+
+## Third-Party Dependencies Handling
+
+We leverage leading commercial tools to automatically monitor and update third-party dependencies in our Telerik and Kendo GitHub projects, ensuring they remain secure and up-to-date. Alerts are enabled for all GitHub-hosted products, and the identified vulnerable dependencies are addressed by the repository code owners and security champions.
+
+>Note: Our definition of "Done" includes successful builds that are scanned using top security scanning tools, and the resolution of any security alerts.
+
+
+## Content Security Compliance
+
+Content Security Policy (CSP) is a critical security measure that helps detect and mitigate the risks of content injection vulnerabilities, such as cross-site scripting (XSS) and data injection attacks. Telerik and Kendo UI components are designed to be CSP-compliant, ensuring secure integration into customer projects.
+
+For more detailed information on CSP compliance for {{ site.product }}, refer to the following article:
+- [Content Security Policy]({% slug troubleshooting_content_security_policy_aspnetmvc %})
+
+This resource provides guidelines on how to configure your ASP.NET Web application to comply with CSP requirements when using {{ site.product }} components.
+
+## OWASP Top 10 Alignment
+
+We closely monitor the [OWASP Top 10](https://owasp.org/www-project-top-ten/) list of security risks and align our security practices with these industry-leading standards. Regular updates ensure that our products address evolving security threats and vulnerabilities.
+
+## Telerik Component-Specific Security Guidelines
+
+{{ site.product }} has a dedicated security-related article with security tips for individual components and general cross-site scripting (XSS) prevention tips. The article outlines best practices and recommendations for securing the components and mitigating potential risks. Below is a list of available security articles for specific controls:
+
+- [Security and Validation]({%slug aspnetcore_security_gettingstarted %})
+
+For more detailed answers to common security-related questions, please refer to our [Security FAQ page]({%slug security_aspnetmvc6_aspnetmvc %}).      
+ 

docs/api/javascript/ui/dropdowntree.md

@@ -562,28 +562,35 @@ The supported filter values are `startswith`, `endswith` and `contains`.
 
 #### Example - set the filter
 
-    <input id="dropdowntree"/>
-
+    <input id="ddt" />
     <script>
-    $("#dropdowntree").kendoDropDownTree({
-      dataSource: [{ text: "a-item1", value: 1 }, { text: "b-item2", value: 2 }],
-      filter: "contains"
-    });
+      $("#ddt").kendoDropDownTree({
+        dataSource: [
+          { text: "Chai", value: 1 },
+          { text: "Chang", value: 2 },
+          { text: "Tofu", value: 3 }
+        ],
+        filter: "contains"
+      });
     </script>
 
 ### filterLabel `String`
 
 When filtering is enabled, allows aria-label to be defined for the filter input element.
 
-#### Example - set the filter
+#### Example - set the filter label
 
     <input id="ddt" />
     <script>
-    $("#ddt").kendoDropDownTree({
-      dataSource: ["Chai", "Chang", "Tofu"],
-      filter: "contains",
-      filterLabel: "custom title"
-    });
+        $("#ddt").kendoDropDownTree({
+            dataSource: [
+                { text: "Chai", value: 1 },
+                { text: "Chang", value: 2 },
+                { text: "Tofu", value: 3 }
+            ],
+            filter: "contains",
+            filterLabel: "custom title"
+        });
     </script>
 
 ### fillMode `String`*(default: "solid")*
@@ -600,7 +607,11 @@ Sets a value controlling how the color is applied. Can also be set to the follow
     <input id="ddt" />
     <script>
     $("#ddt").kendoDropDownTree({
-      dataSource: ["Chai", "Chang", "Tofu"],
+      dataSource: [
+          { text: "Chai", value: 1 },
+          { text: "Chang", value: 2 },
+          { text: "Tofu", value: 3 }
+      ],
       fillMode: "flat"
     });
     </script>
@@ -664,7 +675,7 @@ The function context (available through the keyword `this`) will be set to the w
         dataValueField: "id",
         label: function() {
             return "Fruits";
-        }ß
+        }
     });
     </script>
 
@@ -1278,12 +1289,16 @@ Sets a value controlling the border radius. Can also be set to the following str
 - "large"
 - "full"
 
-#### Example - sets the fillMode
+#### Example - set large border radius
 
     <input id="ddt" />
     <script>
     $("#ddt").kendoDropDownTree({
-      dataSource: ["Chai", "Chang", "Tofu"],
+      dataSource: [
+          { text: "Chai", value: 1 },
+          { text: "Chang", value: 2 },
+          { text: "Tofu", value: 3 }
+      ],
       rounded: "large"
     });
     </script>
@@ -1297,12 +1312,16 @@ Sets a value controlling size of the component. Can also be set to the following
 - "large"
 - "none"
 
-#### Example - sets the fillMode
+#### Example - set the size
 
     <input id="ddt" />
     <script>
     $("#ddt").kendoDropDownTree({
-      dataSource: ["Chai", "Chang", "Tofu"],
+      dataSource: [
+          { text: "Chai", value: 1 },
+          { text: "Chang", value: 2 },
+          { text: "Tofu", value: 3 }
+      ],
       size: "large"
     });
     </script>
@@ -1321,17 +1340,18 @@ The [data source](/api/javascript/data/hierarchicaldatasource) of the widget. Co
 
     <input id="dropdowntree"/>
     <script>
-    $("#dropdowntree").kendoDropDownTree({
-      dataSource: [
-        { name: "Apples" },
-        { name: "Oranges" }
-      ],
-      dataTextField: "name",
-      dataValueField: "name"
-    });
-    var dropdowntree = $("#dropdowntree").data("kendoDropDownTree");
-    dropdowntree.dataSource.add({ name: "Appricot" });
-    dropdowntree.search("A");
+      $("#dropdowntree").kendoDropDownTree({
+        dataSource: [
+          { name: "Apples" },
+          { name: "Oranges" }
+        ],
+        filter: "startswith",
+        dataTextField: "name",
+        dataValueField: "name"
+      });
+      var dropdowntree = $("#dropdowntree").data("kendoDropDownTree");
+      dropdowntree.dataSource.add({ name: "Appricot" });
+      dropdowntree.open(); 
     </script>
 
 ### options `Object`

docs/api/javascript/ui/editor.md

@@ -2400,6 +2400,7 @@ Sets the subject of the PDF file.
     <script>
         $("#editor").kendoEditor({
             tools: ["pdf"],
+            pdf:{
                 subject : "Kendo UI Editor overview"
             }
         });
@@ -2687,8 +2688,7 @@ and a contenteditable iframe is generated.
     <script>
     $("#editor").kendoEditor({
       stylesheets: [
-        "base.css",
-        "theme.css"
+          "https://demos.telerik.com/kendo-ui/content/web/editor/editorStyles.css"
       ]
     });
     </script>
@@ -4242,13 +4242,14 @@ The URL responsible for serving the original file. A file name placeholder shoul
     <textarea id="editor"></textarea>
     <script>
     $("#editor").kendoEditor({
-	  tools: [
-		"insertFile"
-	  ],
+      tools: [
+      "insertFile"
+      ],
       fileBrowser: {
         transport: {
           fileUrl: function (e) {
             return "/content/files/" + e;
+          }
         }
       }
     });