MC-17489: Require specific suffix for HTML binding

Oleksandr Gorkun · Oleksandr Gorkun · commit a303ce89133f · 2019-07-17T15:26:07.000-05:00
diff --git a/dev/tests/static/framework/Magento/Sniffs/Html/HtmlBindingSniff.php b/dev/tests/static/framework/Magento/Sniffs/Html/HtmlBindingSniff.php
@@ -41,15 +41,30 @@ public function process(File $phpcsFile, $stackPtr)
                 $loaded = false;
             }
             if ($loaded) {
+                /** @var string[] $htmlBindings */
+                $htmlBindings = [];
                 $domXpath = new \DOMXPath($dom);
                 $dataBindAttributes = $domXpath->query('//@*[name() = "data-bind"]');
                 foreach ($dataBindAttributes as $dataBindAttribute) {
                     $knockoutBinding = $dataBindAttribute->nodeValue;
-                    preg_match('/^(.+\s*?)?html\s*?\:\s*?([a-z0-9\.\(\)\_]+)/ims', $knockoutBinding, $htmlBinding);
-                    if ($htmlBinding && !preg_match('/UnsanitizedHtml[\(\)]*?$/', $htmlBinding[2])) {
+                    preg_match('/^(.+\s*?)?html\s*?\:(.+)/ims', $knockoutBinding, $htmlBindingStart);
+                    if ($htmlBindingStart) {
+                        $htmlBinding = trim(preg_replace('/\,[a-z0-9\_\s]+\:.+/ims', '', $htmlBindingStart[2]));
+                        $htmlBindings[] = $htmlBinding;
+                    }
+                }
+                $htmlAttributes = $domXpath->query('//@*[name() = "html"]');
+                foreach ($htmlAttributes as $htmlAttribute) {
+                    $magentoBinding = $htmlAttribute->nodeValue;
+                    $htmlBindings[] = trim($magentoBinding);
+                }
+                foreach ($htmlBindings as $htmlBinding) {
+                    if (!preg_match('/^[0-9\\\'\"]/ims', $htmlBinding)
+                        && !preg_match('/UnsanitizedHtml(\(.*?\))*?$/', $htmlBinding)
+                    ) {
                         $phpcsFile->addError(
                             'Variables/functions used for HTML binding must have UnsanitizedHtml suffix'
-                            .' - "' .$htmlBinding[2] .'" doesn\'t,' .PHP_EOL
+                            .' - "' .$htmlBinding .'" doesn\'t,' .PHP_EOL
                             .'consider using text binding if the value is supposed to be text',
                             null,
                             'UIComponentTemplate.KnockoutBinding.HtmlSuffix'
diff --git a/dev/tests/static/framework/tests/unit/testsuite/Magento/Sniffs/Html/_files/test-html-binding-errors.txt b/dev/tests/static/framework/tests/unit/testsuite/Magento/Sniffs/Html/_files/test-html-binding-errors.txt
@@ -1,12 +1,18 @@
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-FOUND 3 ERRORS AFFECTING 1 LINE
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+FOUND 6 ERRORS AFFECTING 1 LINE
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "testError()" doesn't,
    |       | consider using text binding if the value is supposed to be text
  1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "test.getSomething().value.error()" doesn't,
    |       | consider using text binding if the value is supposed to be text
+ 1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "bind_stuff(1, 2)" doesn't,
+   |       | consider using text binding if the value is supposed to be text
+ 1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "testError()" doesn't,
+   |       | consider using text binding if the value is supposed to be text
+ 1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "test.getSomething().value.error(1)" doesn't,
+   |       | consider using text binding if the value is supposed to be text
  1 | ERROR | Variables/functions used for HTML binding must have UnsanitizedHtml suffix - "bind_stuff()" doesn't,
    |       | consider using text binding if the value is supposed to be text
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
diff --git a/dev/tests/static/framework/tests/unit/testsuite/Magento/Sniffs/Html/_files/test-html-binding.html b/dev/tests/static/framework/tests/unit/testsuite/Magento/Sniffs/Html/_files/test-html-binding.html
@@ -12,7 +12,19 @@
     attr : tst,
     html: test.getSomething().value.error()
 "></div>
-<p data-bind="html: '<b>Some html</b>'"></p>
+<p data-bind="html: '<b>Some html</b>', attr: test"></p>
 <div data-bind="html: valueUnsanitizedHtml"></div>
 <div data-bind="attr: testhtml, html: valueUnsanitizedHtml()"></div>
-<p data-bind="other_html: bind, html: bind_stuff()"></p>
+<p data-bind="other_html: bind, html: bind_stuff(1, 2)"></p>
+
+<div style="tst()"></div>
+<span html="testError()"></span>
+<div html="
+    test.getSomething().value.error(1)
+"></div>
+<p html="'<b>Some html</b>'"></p>
+<div html="valueUnsanitizedHtml"></div>
+<div html="
+valueUnsanitizedHtml('test')
+"></div>
+<p html="bind_stuff()"></p>
