Added data-lazy-src img attribute and noscript tag to allowed html

[mauteri]

Added data-lazy-src attribute to img tag and added noscript tag to allowed html, so they aren't stripped out by wp_kses_post.

[mjangda]

I'm a bit hesitant on this since we don't save the markup to db (plus, it's probably not a good idea to globally add noscript to the allowed list).

A better approach might be to expose two helper functions: add_kses_allowed_html (adds the filter) and remove_kses_allowed_html (removes the filter), which would allow you to do something like:

LazyLoad_Images::add_kses_allowed_html();
wp_kses_post( $my_filtered_content );
LazyLoad_Images::remove_kses_allowed_html();

[mauteri]

Hi Mo, I thought of those two additions as pretty low risk. data-lazy-src just being another attribute on img and noscript, though capable of hiding content would still have unacceptable HTML stripped out within.

I was thinking more of convenience, as in our case, I'm adding the option of lazy-load to a general thumbnail retrieving function. Then in most cases that content goes through wp_kses_post(). And this happens in many places.

What are your thoughts on an opt-in filter for something like this? Something like: add_filter( 'lazy_load_kses_allowed_html', '__return_true' ); which a developer could add to the theme, rather than the plugin adding it by default? Curious your thoughts on that approach. I'll update the PR to that for you to review.