Update sniff to include static method calls

Still a WIP

Author: dingo-d

Diff for: WordPress/Sniffs/Security/EscapeOutputSniff.php

@@ -614,17 +614,6 @@ protected function check_code_is_escaped( $start, $end ) {
 					) {
 						$i = $class_keyword;
 						continue;
-					} else { // Static method call. Current token should be flagged and the rest should be skipped.
-						$content = $this->tokens[ $i ]['content'];
-
-						$this->phpcsFile->addError(
-							"All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '%s'.",
-							$i,
-							'OutputNotEscaped',
-							array( $content )
-						);
-
-						break;
 					}
 				}
 			}
@@ -748,6 +737,14 @@ protected function check_code_is_escaped( $start, $end ) {
 
 				$content = $functionName;
 
+				// Check if it's static method call.
+				$double_colon = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), $end, true );
+				if ( false !== $double_colon
+					&& \T_DOUBLE_COLON === $this->tokens[ $double_colon ]['code']
+				) {
+					// Set the pointer to the end of the method.
+					$i = $this->phpcsFile->findNext( \T_CLOSE_PARENTHESIS, $i, $end );
+				}
 			} else {
 				$content = $this->tokens[ $i ]['content'];
 				$ptr     = $i;