Sniff to detect script tags that should be either enqueued or generated by the new script templating functions: wp_get_script_tag() and wp_get_inline_script_tag().

Author: enricocarraro

WordPress-Extra/ruleset.xml

@@ -99,6 +99,10 @@
 		 https://github.com/WordPress/WordPress-Coding-Standards/issues/35 -->
 	<rule ref="WordPress.WP.EnqueuedResources"/>
 
+	<!-- Non enqueable inline scripts should be generated using wp_get_inline_script_tag().
+		 https://core.trac.wordpress.org/ticket/39941 -->
+	<rule ref="WordPress.WP.TemplatedInlineScripts"/>
+	
 	<!-- Warn against overriding WP global variables.
 		 https://github.com/WordPress/WordPress-Coding-Standards/issues/26 -->
 	<rule ref="WordPress.WP.GlobalVariablesOverride"/>

WordPress/Sniffs/WP/TemplatedInlineScriptsSniff.php

@@ -0,0 +1,91 @@
+<?php
+/**
+ * WordPress Coding Standard.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @link    https://github.com/WordPress/WordPress-Coding-Standards
+ * @license https://opensource.org/licenses/MIT MIT
+ */
+
+namespace WordPressCS\WordPress\Sniffs\WP;
+
+use PHP_CodeSniffer\Exceptions\RuntimeException;
+use PHP_CodeSniffer\Util\Tokens;
+use PHPCSUtils\Tokens\Collections;
+use PHPCSUtils\Utils\TextStrings;
+use WordPressCS\WordPress\Sniff;
+
+/**
+ * Makes sure inline scripts and scripts are generated using either {@see wp_get_script_tag()} or {@see wp_get_inline_script_tag()}.
+ *
+ * @package WPCS\WordPressCodingStandards
+ * @since   3.0.0
+ */
+class TemplatedInlineScriptsSniff extends Sniff {
+
+	/**
+	 * Returns an array of tokens this test wants to listen for.
+	 *
+	 * @return array
+	 */
+	public function register() {
+		$targets   = Collections::$textStingStartTokens;
+		$targets[] = \T_INLINE_HTML;
+
+		return $targets;
+	}
+
+	/**
+	 * Processes this test, when one of its tokens is encountered.
+	 *
+	 * @param int $stackPtr The position of the current token in the stack.
+	 *
+	 * @return void
+	 */
+	public function process_token( $stackPtr ) {
+
+		$content = $this->tokens[ $stackPtr ]['content'];
+		if ( \T_INLINE_HTML !== $this->tokens[ $stackPtr ]['code'] ) {
+			try {
+				$content = TextStrings::getCompleteTextString( $this->phpcsFile, $stackPtr );
+			} catch ( RuntimeException $e ) {
+				// Not the first token in a multi-line text string. Any issues will already have been reported.
+				return;
+			}
+		}
+
+		if ( preg_match_all( '#<script\b(?![^>]*\btext\/html\b)(?![^>]*\btext\/template\b)(?![^>]*\bapplication\/json\b)(?![^>]*\bsrc=\b)[^>]*>#', $content, $matches, PREG_OFFSET_CAPTURE ) > 0 ) {
+			foreach ( $matches[0] as $match ) {
+				$this->phpcsFile->addError(
+					'If the current script is related to an enqued script, it should be added to the queue with wp_add_inline_script(), otherwise it should be generated by wp_get_inline_script().',
+					$this->find_token_in_multiline_string( $stackPtr, $content, $match[1] ),
+					'NonTemplatedInlineScript'
+				);
+			}
+		}
+	}
+
+	/**
+	 * Find the exact token on which the error should be reported for multi-line strings.
+	 *
+	 * @param int    $stackPtr     The position of the current token in the stack.
+	 * @param string $content      The complete, potentially multi-line, text string.
+	 * @param int    $match_offset The offset within the content at which the match was found.
+	 *
+	 * @return int The stack pointer to the token containing the start of the match.
+	 */
+	private function find_token_in_multiline_string( $stackPtr, $content, $match_offset ) {
+		$newline_count = 0;
+		if ( $match_offset > 0 ) {
+			$newline_count = substr_count( $content, "\n", 0, $match_offset );
+		}
+
+		// Account for heredoc/nowdoc text starting at the token *after* the opener.
+		if ( isset( Tokens::$heredocTokens[ $this->tokens[ $stackPtr ]['code'] ] ) === true ) {
+			++$newline_count;
+		}
+
+		return ( $stackPtr + $newline_count );
+	}
+
+}