Use esc_url instead of esc_attr for URLs. Improves security.

includes/class-color-palette-control.php

@@ -33,10 +33,10 @@ class MinimalistFlex_Color_Palette_Custom_Control extends WP_Customize_Control
         <div>
             <ul class='palettes'>
             <li class="palette palette-clear"><button id="minimalistflex-palette-minimal"><?php echo esc_html_x( 'Minimal', 'color palette', 'minimalistflex' ) ?></li>
-                <li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette.png' ) ?>')"><button id="minimalistflex-palette-light"><?php echo esc_html_x( 'Light', 'color palette', 'minimalistflex' ) ?></li>
-                <li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette2.png' ) ?>')"><button id="minimalistflex-palette-dark"><?php echo esc_html_x( 'Dark', 'color palette', 'minimalistflex' ) ?></li>
-                <li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette3.png' ) ?>')"><button id="minimalistflex-palette-galatic"><?php echo esc_html_x( 'Galatic', 'color palette', 'minimalistflex' ) ?></li>
-                <li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette4.png' ) ?>')"><button id="minimalistflex-palette-spring"><?php echo esc_html_x( 'Spring', 'color palette', 'minimalistflex' ) ?></li>
+                <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette.png' ) ?>')"><button id="minimalistflex-palette-light"><?php echo esc_html_x( 'Light', 'color palette', 'minimalistflex' ) ?></li>
+                <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette2.png' ) ?>')"><button id="minimalistflex-palette-dark"><?php echo esc_html_x( 'Dark', 'color palette', 'minimalistflex' ) ?></li>
+                <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette3.png' ) ?>')"><button id="minimalistflex-palette-galatic"><?php echo esc_html_x( 'Galatic', 'color palette', 'minimalistflex' ) ?></li>
+                <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette4.png' ) ?>')"><button id="minimalistflex-palette-spring"><?php echo esc_html_x( 'Spring', 'color palette', 'minimalistflex' ) ?></li>
             </ul>
         </div>
       <?php

includes/class-multi-image-control.php

@@ -51,7 +51,7 @@ class MinimalistFlex_Multi_Image_Custom_Control extends WP_Customize_Control
         <div>
             <ul class='suggested-images'>
                 <?php foreach ( $this->suggest_images as $suggest_image ): ?>
-                    <li class="suggested-image-item"><img src="<?php echo esc_attr( get_template_directory_uri() . $suggest_image ) ?>"></li>
+                    <li class="suggested-image-item"><img src="<?php echo esc_url( get_template_directory_uri() . $suggest_image ) ?>"></li>
                 <?php endforeach; ?>
             </ul>
         </div>

singular.php

@@ -30,7 +30,7 @@ $default_image_location = get_theme_mod( 'minimalistflex_default_featured_images
                 ?>
             <?php endif; ?>
             <div class="singular-image">
-                <img src="<?php echo esc_attr( $imgsrc ) ?>" aria-label="<?php esc_attr_e( 'The thumbnail image. This is a default image so that it\'s purely decorative.', 'minimalistflex' ) ?>">
+                <img src="<?php echo esc_url( $imgsrc ) ?>" aria-label="<?php esc_attr_e( 'The thumbnail image. This is a default image so that it\'s purely decorative.', 'minimalistflex' ) ?>">
             </div>
         <?php endif; ?>
         <div class="singular-main">

templates/loop.php

@@ -68,7 +68,7 @@ $default_image_location = get_theme_mod( 'minimalistflex_default_featured_images
             </div>
             <div class="panel-meta">
                 <?php if ( get_theme_mod( 'minimalistflex_interface_publisher', 'yes' ) == 'yes' ): ?>
-                    <a class="panel-author" href="<?php echo esc_attr( get_author_posts_url($id) ) ?>">
+                    <a class="panel-author" href="<?php echo esc_url( get_author_posts_url($id) ) ?>">
                         <span aria-hidden="true"><?php echo get_avatar( $id, 80 ) ?></span>
                         <?php the_author() ?>
                     </a>

templates/metadata.php

@@ -13,7 +13,7 @@ if ( !defined( 'WPINC' ) ) {
             </div>
             <?php foreach( $tags as $tag ) { ?>
                 <div class="singular-category">
-                    <a href="<?php echo esc_attr( get_category_link( $tag ) ) ?>">
+                    <a href="<?php echo esc_url( get_category_link( $tag ) ) ?>">
                         <?php echo $tag->name; ?>
                     </a>
                 </div>
@@ -28,7 +28,7 @@ if ( !defined( 'WPINC' ) ) {
         </div>
         <?php foreach( $tags as $tag ) { ?>
             <div class="singular-category singular-tag">
-                <a href="<?php echo esc_attr( get_tag_link( $tag ) ) ?>">
+                <a href="<?php echo esc_url( get_tag_link( $tag ) ) ?>">
                     <?php echo $tag->name; ?>
                 </a>
             </div>

templates/publisher.php

@@ -6,7 +6,7 @@ if ( !defined( 'WPINC' ) ) {
 
 <div class="publisher">
 
-<a class="publisher-link" href="<?php echo esc_attr( get_author_posts_url($id) ) ?>">
+<a class="publisher-link" href="<?php echo esc_url( get_author_posts_url($id) ) ?>">
     <?php echo get_avatar( $id, 32 ) ?>
     <span><?php the_author() ?></span>
 </a>