Skip to content

Fix RichTextField tag-stripping feature is polynomial and does not strip unfinished tags#11225

Merged
slax57 merged 1 commit intomasterfrom
fix-rich-text-field-code-scanning
Mar 31, 2026
Merged

Fix RichTextField tag-stripping feature is polynomial and does not strip unfinished tags#11225
slax57 merged 1 commit intomasterfrom
fix-rich-text-field-code-scanning

Conversation

@WiXSL
Copy link
Copy Markdown
Collaborator

@WiXSL WiXSL commented Mar 31, 2026
edited
Loading

Summary

  • replace the tag-stripping regex with a linear tag scanner in RichTextField
  • keep the existing stripTags behavior while handling unfinished tags more safely
  • add a regression test covering malformed input

Why

GitHub code scanning reports two alerts on RichTextField:

  • #56 Incomplete multi-character sanitization
  • #57 Polynomial regular expression used on uncontrolled data

Both alerts came from the regex used by removeTags().

Testing

  • yarn test-unit --runTestsByPath packages/ra-ui-materialui/src/field/RichTextField.spec.tsx

@WiXSL WiXSL added the RFR Ready For Review label Mar 31, 2026
@slax57 slax57 self-requested a review March 31, 2026 14:46
@slax57 slax57 added this to the 5.14.6 milestone Mar 31, 2026
@slax57 slax57 merged commit 4e4e898 into master Mar 31, 2026
15 checks passed
@slax57 slax57 deleted the fix-rich-text-field-code-scanning branch March 31, 2026 14:51
@slax57 slax57 changed the title Fix RichTextField code scanning issues Fix RichTextField tag-stripping feature is polynomial and does not strip unfinished tags Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slax57 slax57 slax57 approved these changes

Assignees

No one assigned

Labels

RFR Ready For Review

Projects

None yet

Milestone

5.14.6

Development

Successfully merging this pull request may close these issues.

2 participants

@WiXSL @slax57