Escaping attribute at walker class.

As the data are coming from WordPress background, escaping attributes aren't that necessary. But I think best practice what ever or where ever the data is coming form that should be escaped and validated before storing and presenting. So escaping the attributes are better here.
WebDevStudios · Nov 8, 2017 · 442b096 · 442b096
1 parent 7b124fb
commit 442b096
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/walker.taxonomy-single-term.php b/walker.taxonomy-single-term.php
@@ -81,9 +81,9 @@ public function start_el( &$output, $term, $depth = 0, $args = array(), $id = 0
 		$in_selected   = in_array( $term->term_id, $selected_cats );
 
 		$args = array(
-			'id'            => $taxonomy .'-'. $term->term_id,
-			'name'          => $name,
-			'value'         => $value,
+			'id'            => esc_attr( $taxonomy .'-'. $term->term_id ),
+			'name'          => esc_attr( $name ),
+			'value'         => esc_attr( $value ),
 			'checked'       => checked( $in_selected, true, false ),
 			'selected'      => selected( $in_selected, true, false ),
 			'disabled'      => disabled( empty( $args['disabled'] ), false, false ),