Sync with template-lint

NullVoxPopuli · NullVoxPopuli · commit 1ebfdf1f69e8 · 2026-03-20T14:24:51.000-04:00
diff --git a/README.md b/README.md
@@ -253,7 +253,7 @@ rules in templates can be disabled with eslint directives with mustache or html
 | [template-no-obsolete-elements](docs/rules/template-no-obsolete-elements.md)                                       | disallow obsolete HTML elements                                              |    |    |    |
 | [template-no-outlet-outside-routes](docs/rules/template-no-outlet-outside-routes.md)                               | disallow {{outlet}} outside of route templates                               |    |    |    |
 | [template-no-page-title-component](docs/rules/template-no-page-title-component.md)                                 | disallow usage of ember-page-title component                                 |    |    |    |
-| [template-require-form-method](docs/rules/template-require-form-method.md)                                         | require form method attribute                                                |    |    |    |
+| [template-require-form-method](docs/rules/template-require-form-method.md)                                         | require form method attribute                                                |    | 🔧 |    |
 | [template-require-has-block-helper](docs/rules/template-require-has-block-helper.md)                               | require (has-block) helper usage instead of hasBlock property                |    | 🔧 |    |
 | [template-require-iframe-src-attribute](docs/rules/template-require-iframe-src-attribute.md)                       | require iframe elements to have src attribute                                |    | 🔧 |    |
 | [template-require-splattributes](docs/rules/template-require-splattributes.md)                                     | require splattributes usage in component templates                           |    |    |    |
diff --git a/docs/rules/template-require-form-method.md b/docs/rules/template-require-form-method.md
@@ -1,71 +1,55 @@
 # ember/template-require-form-method
 
+🔧 This rule is automatically fixable by the [`--fix` CLI option](https://eslint.org/docs/latest/user-guide/command-line-interface#--fix).
+
 <!-- end auto-generated rule header -->
 
-Require form elements to have a method attribute.
+This rule requires all `<form>` elements to have `method` attribute with `POST`, `GET` or `DIALOG` value.
 
-Form elements should explicitly specify the HTTP method they use. This improves code clarity and helps catch potential issues.
+By default `form` elements without `method` attribute are submitted as `GET` requests.
+In usual applications `submit` event listeners are attached to `form` elements and `event.preventDefault()` is called to avoid form submission.
 
-## Examples
+However in case of failure to prevent default action, form submission as `GET` request can leak sensitive end-user information.
 
-This rule **forbids** the following:
+Example uses of `GET` requests:
 
-```gjs
-<template>
-  <form></form>
-</template>
-```
+- non-secure data
+- bookmarking the submission result
+- data search query strings
 
-```gjs
-<template>
-  <form method='DELETE'></form>
-</template>
-```
+**Caution** - this rules does not check for `formmethod` attribute on `form` elements themselves.
 
-This rule **allows** the following:
+## Examples
 
-```gjs
-<template>
-  <form method='POST'></form>
-</template>
-```
+This rule **forbids** the following:
 
 ```gjs
 <template>
-  <form method='GET'></form>
+  <form>Hello world!</form>
+  <form method=''></form>
+  <form method='random'>Hello world!</form>
 </template>
 ```
 
-```gjs
-<template>
-  <form method='DIALOG'></form>
-</template>
-```
+This rule **allows** the following:
 
 ```gjs
 <template>
-  <form method='{{dynamicMethod}}'></form>
+  <form method='post'>Hello world!</form>
+  <form method='get'>Hello world!</form>
+  <form method='dialog'>Hello world!</form>
 </template>
 ```
 
 ## Configuration
 
-- `allowedMethods` (default: `['POST', 'GET', 'DIALOG']`) - Array of allowed form method values
-
-```js
-// .eslintrc.js
-module.exports = {
-  rules: {
-    'ember/template-require-form-method': [
-      'error',
-      {
-        allowedMethods: ['POST', 'GET'],
-      },
-    ],
-  },
-};
-```
+The following values are valid configuration:
+
+- boolean - `true` to enable / `false` to disable
+- object -- An object with the following keys:
+  - `allowedMethods` -- An array of allowed form `method` attribute values, default: `['POST', 'GET', 'DIALOG']`
 
 ## References
 
-- [HTML Spec - Form Method Attribute](https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fs-method)
+- [MDN - form method attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-method)
+- [HTML spec - form method attribute](https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fs-method)
diff --git a/lib/rules/template-require-form-method.js b/lib/rules/template-require-form-method.js
@@ -33,18 +33,21 @@ function makeErrorMessage(methods) {
   return `All \`<form>\` elements should have \`method\` attribute with value of \`${methods.join(',')}\``;
 }
 
+function getFixedMethod(config) {
+  return config.allowedMethods[0];
+}
+
 /** @type {import('eslint').Rule.RuleModule} */
 module.exports = {
   meta: {
     type: 'suggestion',
     docs: {
       description: 'require form method attribute',
       category: 'Best Practices',
-      recommended: false,
       url: 'https://github.com/ember-cli/eslint-plugin-ember/tree/master/docs/rules/template-require-form-method.md',
       templateMode: 'both',
     },
-    fixable: null,
+    fixable: 'code',
     schema: [
       {
         oneOf: [
@@ -63,7 +66,9 @@ module.exports = {
         ],
       },
     ],
-    messages: {},
+    messages: {
+      invalidMethod: '{{message}}',
+    },
     originallyFrom: {
       name: 'ember-template-lint',
       rule: 'lib/rules/require-form-method.js',
@@ -92,7 +97,16 @@ module.exports = {
         if (!methodAttribute) {
           context.report({
             node,
-            message: makeErrorMessage(config.allowedMethods),
+            messageId: 'invalidMethod',
+            data: {
+              message: makeErrorMessage(config.allowedMethods),
+            },
+            fix(fixer) {
+              return fixer.insertTextAfterRange(
+                [node.parts.at(-1).range[1], node.parts.at(-1).range[1]],
+                ` method="${getFixedMethod(config)}"`
+              );
+            },
           });
           return;
         }
@@ -104,7 +118,16 @@ module.exports = {
           if (!config.allowedMethods.includes(methodValue)) {
             context.report({
               node,
-              message: makeErrorMessage(config.allowedMethods),
+              messageId: 'invalidMethod',
+              data: {
+                message: makeErrorMessage(config.allowedMethods),
+              },
+              fix(fixer) {
+                return fixer.replaceTextRange(
+                  methodAttribute.value.range,
+                  `"${getFixedMethod(config)}"`
+                );
+              },
             });
           }
         }
diff --git a/tests/lib/rules/template-require-form-method.js b/tests/lib/rules/template-require-form-method.js
