From 442b096c38d4ee81dd2e8a2602f523d1336f4beb Mon Sep 17 00:00:00 2001
From: The Dramatist
Date: Wed, 8 Nov 2017 17:06:25 +0600
Subject: [PATCH] Escaping attribute at walker class. As the data are coming from WordPress background, escaping attributes aren't that necessary. But I think best practice what ever or where ever the data is coming form that should be escaped and validated before storing and presenting. So escaping the attributes are better here.
---
 walker.taxonomy-single-term.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/walker.taxonomy-single-term.php b/walker.taxonomy-single-term.php
index 559a43b..fc56ab9 100644
--- a/walker.taxonomy-single-term.php
+++ b/walker.taxonomy-single-term.php
@@ -81,9 +81,9 @@ public function start_el( &$output, $term, $depth = 0, $args = array(), $id = 0
 $in_selected = in_array( $term->term_id, $selected_cats );
 $args = array(
- 'id' => $taxonomy .'-'. $term->term_id,
- 'name' => $name,
- 'value' => $value,
+ 'id' => esc_attr( $taxonomy .'-'. $term->term_id ),
+ 'name' => esc_attr( $name ),
+ 'value' => esc_attr( $value ),
 'checked' => checked( $in_selected, true, false ),
 'selected' => selected( $in_selected, true, false ),
 'disabled' => disabled( empty( $args['disabled'] ), false, false ),
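Review bot: The three `esc_attr()` calls escape `id`, `name` and `value` when the `$args` array is built, but the code that writes those entries into markup is outside this hunk, so the hunk alone does not show that each attribute is escaped at the point where it is printed. WordPress convention is to escape as late as possible, at output, so that a reader can confirm the escaping on the same line as the markup and so that a later change to how `$args` is consumed cannot quietly drop it. I would either move the calls to the output site or record the contract above the array, for example `// id, name and value are already escaped for HTML attribute context; print as-is and do not reuse them outside attributes.` `start_el()` begins and ends outside the hunk, and `$name` and `$value` are assigned above it, so where they come from cannot be confirmed here.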