I am using the Tatsu page builder and using their Code module to insert dotlottie code, such as:
<dotlottie-player src="https://lottie.host/******************.lottie" background="transparent" speed="1" loop autoplay></dotlottie-player>
This works fine; however when I use the usual WordPress Update button for other reasons not related to the page builder, WordPress strips out this code.
I have tried adding the below code to functions.php, but it still got stripped.
function allow_lottie_tags($tags, $context) {
// Add for all contexts
$allowed_atts = array(
'src' => true,
'background' => true,
'speed' => true,
'loop' => true,
'autoplay' => true,
'class' => true,
'id' => true,
'style' => true
);
// Apply to both default and 'post' context
if ($context === 'post' || $context === 'default') {
$tags['dotlottie-player'] = $allowed_atts;
}
return $tags;
}
// Apply to multiple filters to catch different contexts
add_filter('wp_kses_allowed_html', 'allow_lottie_tags', 999, 2);
add_filter('post_allowed_html', 'allow_lottie_tags', 999, 2);
I then tried adding this, with no luck.
// Also try to force it globally
function hook_lottie_early() {
global $allowedposttags, $allowedtags;
$allowed_atts = array(
'src' => true,
'background' => true,
'speed' => true,
'loop' => true,
'autoplay' => true,
'class' => true,
'id' => true,
'style' => true
);
$allowedposttags['dotlottie-player'] = $allowed_atts;
$allowedtags['dotlottie-player'] = $allowed_atts;
}
add_action('init', 'hook_lottie_early', 1);
What am I doing wrong? Should I go to a dynamic shortcode instead, or is there another way to handle this?
2
Answers
Try to disable WordPress content filtering:
This prevents custom tags like
<dotlottie-player>from being stripped but exposes potential security risks. Only use this if you fully control who can edit content.If this is not working you should go to a dynamic shortcode instead as you said (I recommend this too because The shortcode approach is the most robust and secure way to include custom tags like
<dotlottie-player>)EDIT:
To limit disabling content filtering to administrators only, wrap it in a role check:
This keeps custom tags intact for admins while maintaining security for other users.
The issue you’re encountering arises because WordPress sanitizes and strips out custom HTML tags that are not explicitly allowed. While your attempts to extend the wp_kses_allowed_html and $allowedposttags are logical, they may not fully resolve the issue, as WordPress sometimes aggressively sanitizes post content, especially in certain contexts like the block editor or when using the update button.
Here’s how you can resolve the issue:
1. Dynamic Shortcode (Recommended Approach)
Using a shortcode is a robust and WordPress-compliant way to include custom elements like .
Add the following code to your functions.php file:
Usage:
Instead of directly embedding , use the shortcode:
2. Bypassing KSES Filters (Less Recommended)
If you need to keep the tag as raw HTML, you can disable the KSES filter entirely for specific user roles (e.g., administrators):
Warning: This method disables WordPress’s content sanitization and should only be used if you trust all the administrators on your site.
3. Fix for Allowed Tags Not Working
Your existing approach could fail if the wp_kses_allowed_html filter isn’t applied in the relevant context. Make sure your filter runs with the appropriate priority and context. Here’s an updated version of your function:
4. Verify Other Plugins or Builders
If the above solutions still don’t work, the issue could be caused by interference from another plugin or the Tatsu page builder itself. Some page builders or plugins aggressively sanitize post content. You may need to check their settings or contact their support to ensure compatibility with custom HTML tags.
Recommendation
Using a shortcode is the safest and most future-proof approach. It avoids conflicts with WordPress’s content sanitization processes while providing a clean and reusable solution.