Fix RichTextField code scanning issues

Author: WiXSL

packages/ra-ui-materialui/src/field/RichTextField.spec.tsx

@@ -45,6 +45,10 @@ describe('stripTags', () => {
             'All our base is belong to us.'
         );
     });
+
+    it('should drop an unfinished opening tag', () => {
+        expect(removeTags('Safe<script alert(1)')).toEqual('Safe');
+    });
 });
 
 describe('<RichTextField />', () => {

packages/ra-ui-materialui/src/field/RichTextField.tsx

@@ -87,8 +87,34 @@ export interface RichTextFieldProps<
     purifyOptions?: PurifyOptions;
 }
 
-export const removeTags = (input: string) =>
-    input ? input.replace(/<[^>]+>/gm, '') : '';
+export const removeTags = (input: string) => {
+    if (!input) {
+        return '';
+    }
+
+    let output = '';
+    let isInsideTag = false;
+
+    for (const character of input) {
+        if (character === '<') {
+            isInsideTag = true;
+            continue;
+        }
+
+        if (character === '>') {
+            if (isInsideTag) {
+                isInsideTag = false;
+                continue;
+            }
+        }
+
+        if (!isInsideTag) {
+            output += character;
+        }
+    }
+
+    return output;
+};
 
 const PREFIX = 'RaRichTextField';