diff --git a/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php b/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php
new file mode 100644
index 00000000..116bc55c
--- /dev/null
+++ b/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php
@@ -0,0 +1,83 @@
+ T_INLINE_HTML,
+ 'T_STRING' => T_STRING,
+ ];
+ }
+
+ /**
+ * Process this test when one of its tokens is encountered
+ *
+ * @param int $stackPtr The position of the current token in the stack passed in $tokens.
+ *
+ * @return void
+ */
+ public function process_token( $stackPtr ) {
+ $content = trim( $this->tokens[ $stackPtr ]['content'] );
+
+ if ( $content === '' ) {
+ return;
+ }
+
+ if ( $this->has_open_script_tag( $content ) === true ) {
+ $this->in_script = true;
+ } elseif ( strpos( '', $content ) !== false ) {
+ $this->in_script = false;
+ }
+
+ if ( $this->in_script === true && $content === 'esc_js' ) {
+ $message = 'Please do not use `esc_js()` for inline script escaping. See our code repository for
+ examples on how to escape within: https://github.com/Automattic/vip-code-samples/blob/master/10-security/js-dynamic.php';
+ $this->phpcsFile->addError( $message, $stackPtr, 'InlineScriptEsc' );
+ return;
+ }
+ }
+
+ /**
+ * Check if a content string contains start ' ) !== false ) {
+ // Incomplete or has closing tag, bail.
+ return false;
+ }
+
+ return strpos( $content, '
+
+
+
+
+
+
+ =>
+ */
+ public function getErrorList() {
+ return [
+ 9 => 1,
+ 14 => 1,
+ 15 => 1,
+ ];
+ }
+
+ /**
+ * Returns the lines where warnings should occur.
+ *
+ * @return array =>
+ */
+ public function getWarningList() {
+ return [];
+ }
+
+}