I refactored that section of my plugin quick to use single instead of double quotes on the JavaScript injected img tag, but man, it doesn’t seem smart at all to do this – what are people with plugins they didn’t make and no expertise/support going to do when this breaks their site?
The attribute is added by wp_img_tag_add_loading_optimization_attrs(). The decoding attribute behavior can be modified through the ‘wp_img_tag_add_decoding_attr’ filter. Review the source code of the above linked function to see the inline doc for this filter, starting at line 1978.
Because this is happening server side, what you do client side like adding your own attribute will not change what happens server side.
I’m not sure what you’re expecting to be escaped, attribute values are escaped, not the surrounding HTML. If HTML were escaped it’d be interpreted as plain text instead of HTML.
For better or worse, plugin devs are expected to keep abreast of new developments in WP core. 6.4 release candidate has been available for testing for some time now. Efforts are made to maintain reverse compatibility, but it’s simply not always possible.
Thanks for the explanation – I see the latest 6.4 update has not gone well on various forums for other reasons and I’m sure this is a small issue/workaround in comparison.
