Regression related to the 2.4.0 security fix

**Describe the bug**
When an image contains special characters like `image^3.webp`, we are stripping the character, and the URL returned is `image3.webp` instead of `image^3.webp`. This breaks the image, causing a 404 error.

This is coming from the recent change applied [here](https://github.com/wp-media/rocket-lazyload-common/pull/127/commits/59646005c06a05ad9ca33740aeab8ad33da137f9).


> Security: Fix an authenticated Stored Cross-Site Scripting (XSS) vulnerability reported by Pathstack.
 
**To Reproduce**
Steps to reproduce the behavior:
1. Installed Lazy Load - Optimize Images plugin (version 2.4.0)
2. Add an image with the file name including special characters, for example, `image^3.webp`
3. Enable LazyLoad for images option.
4. View the page source and see that the special character is now removed.

**Expected behavior**
We should safely encode special characters instead of removing them, to prevent this kind of issue while still keeping URLs secure.


**Screenshots**
- [screenshot](https://prnt.sc/jEYLn-GNOeWs)
- [WordPress Thread:](https://wordpress.org/support/topic/image-urls-with-are-stripped-by-rocket-lazy-load/#post-18690810)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Regression related to the 2.4.0 security fix #151

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Regression related to the 2.4.0 security fix #151

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions