!!![TASK] Disallow raw directive!

Author: linawolf

packages/typo3-docs-theme/resources/config/typo3-docs-theme.php

@@ -15,6 +15,7 @@
 use phpDocumentor\Guides\RestructuredText\Parser\Productions\DirectiveContentRule;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 
+use T3Docs\Typo3DocsTheme\Directives\RawDirective;
 use T3Docs\Typo3DocsTheme\EventListeners\AddThemeSettingsToProjectNode;
 use T3Docs\Typo3DocsTheme\EventListeners\CopyResources;
 use T3Docs\Typo3DocsTheme\Directives\GroupTabDirective;
@@ -59,6 +60,7 @@
         ->public()
 
         ->set(GroupTabDirective::class)
+        ->set(RawDirective::class)
         ->set(T3FieldListTableDirective::class)
         ->set(YoutubeDirective::class)
         ->set(CodeHighlight::class)

packages/typo3-docs-theme/src/Directives/RawDirective.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of phpDocumentor.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ *
+ * @link https://phpdoc.org
+ */
+
+namespace T3Docs\Typo3DocsTheme\Directives;
+
+use phpDocumentor\Guides\RestructuredText\Directives\ActionDirective;
+use phpDocumentor\Guides\RestructuredText\Parser\BlockContext;
+use phpDocumentor\Guides\RestructuredText\Parser\Directive;
+use Psr\Log\LoggerInterface;
+
+final class RawDirective extends ActionDirective
+{
+    public function __construct(
+        private readonly LoggerInterface $logger
+    ) {}
+
+    public function getName(): string
+    {
+        return 'raw';
+    }
+
+    public function processAction(BlockContext $blockContext, Directive $directive): void
+    {
+        $this->logger->error('The raw directive is not supported for security reasons. ', $blockContext->getLoggerInformation());
+    }
+}

tests/Integration/tests/raw-forbidden/expected/index.html

@@ -0,0 +1,7 @@
+<!-- content start -->
+                <section class="section" id="raw-directive-must-not-work">
+            <h1>Raw directive must not work<a class="headerlink" href="#raw-directive-must-not-work" data-bs-toggle="modal" data-bs-target="#linkReferenceModal"  title="Reference this headline">¶</a></h1>
+
+    </section>
+
+        <!-- content end -->

tests/Integration/tests/raw-forbidden/expected/logs/error.log

@@ -0,0 +1 @@
+app.ERROR: The raw directive is not supported for security reasons.

tests/Integration/tests/raw-forbidden/expected/logs/warning.log

@@ -0,0 +1 @@
+app.ERROR: The raw directive is not supported for security reasons.

tests/Integration/tests/raw-forbidden/input/index.rst

@@ -0,0 +1,9 @@
+===========================
+Raw directive must not work
+===========================
+
+..  raw:: html
+
+    <div style="background-color: red; color: black;">This HTML must not show!!</div>
+
+    <script>alert('Some very bad JavaScript works!!!')</script>