lazy-load
lazy-load copied to clipboard
Added data-lazy-src img attribute and noscript tag to allowed html
Added data-lazy-src attribute to img tag and added noscript tag to allowed html, so they aren't stripped out by wp_kses_post.
I'm a bit hesitant on this since we don't save the markup to db (plus, it's probably not a good idea to globally add noscript
to the allowed list).
A better approach might be to expose two helper functions: add_kses_allowed_html
(adds the filter) and remove_kses_allowed_html
(removes the filter), which would allow you to do something like:
LazyLoad_Images::add_kses_allowed_html();
wp_kses_post( $my_filtered_content );
LazyLoad_Images::remove_kses_allowed_html();
Hi Mo, I thought of those two additions as pretty low risk. data-lazy-src
just being another attribute on img
and noscript
, though capable of hiding content would still have unacceptable HTML stripped out within.
I was thinking more of convenience, as in our case, I'm adding the option of lazy-load to a general thumbnail retrieving function. Then in most cases that content goes through wp_kses_post()
. And this happens in many places.
What are your thoughts on an opt-in filter for something like this? Something like:
add_filter( 'lazy_load_kses_allowed_html', '__return_true' );
which a developer could add to the theme, rather than the plugin adding it by default? Curious your thoughts on that approach. I'll update the PR to that for you to review.