Index: wp-content/themes/twentyeleven/content-single.php
===================================================================
--- wp-content/themes/twentyeleven/content-single.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-single.php	(working copy)
@@ -13,16 +13,7 @@
 		<h1 class="entry-title"><?php the_title(); ?></h1>
 
 		<div class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 		</div><!-- .entry-meta -->
 	</header><!-- .entry-header -->
 
@@ -45,10 +36,10 @@
 				/* translators: used between list items, there is a space after the comma */
 				get_the_category_list( __( ', ', 'twentyeleven' ) ),
 				$tag_list,
-				get_permalink(),
+				esc_url( get_permalink() ),
 				the_title_attribute( 'echo=0' ),
 				get_the_author(),
-				get_author_posts_url( get_the_author_meta( 'ID' ) )
+				esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) )
 			);
 		?>
 		<?php edit_post_link( __( 'Edit', 'twentyeleven' ), '<span class="edit-link">', '</span>' ); ?>
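Review bot: `get_the_author()` is still passed to this `printf` unescaped, while the two URL arguments around it now go through `esc_url()`. The format string is outside the hunk, so the output context cannot be confirmed from here. If the placeholder lands in element text, it should be `esc_html( get_the_author() )`, as the new `twentyeleven_posted_on()` in functions.php does for its link text. The same raw use remains in the next hunk of this file (the `About %s` heading, where `esc_attr__()` covers only the translated format, and the `View all posts by %s` link text) and in the link text of the `Author Archives` heading in author.php.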
@@ -62,7 +53,7 @@
 				<h2><?php printf( esc_attr__( 'About %s', 'twentyeleven' ), get_the_author() ); ?></h2>
 				<?php the_author_meta( 'description' ); ?>
 				<div id="author-link">
-					<a href="<?php echo get_author_posts_url( get_the_author_meta( 'ID' ) ); ?>" rel="author">
+					<a href="<?php echo esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ); ?>" rel="author">
 						<?php printf( __( 'View all posts by %s <span class="meta-nav">&rarr;</span>', 'twentyeleven' ), get_the_author() ); ?>
 					</a>
 				</div><!-- #author-link	-->
Index: wp-content/themes/twentyeleven/searchform.php
===================================================================
--- wp-content/themes/twentyeleven/searchform.php	(revision 18219)
+++ wp-content/themes/twentyeleven/searchform.php	(working copy)
@@ -7,7 +7,7 @@
  * @since Twenty Eleven 1.0
  */
 ?>
-	<form method="get" id="searchform" action="<?php echo home_url( '/' ); ?>">
+	<form method="get" id="searchform" action="<?php echo esc_url( home_url( '/' ) ); ?>">
 		<label for="s" class="assistive-text"><?php _e( 'Search', 'twentyeleven' ); ?></label> 
 		<input type="text" class="field" name="s" id="s" placeholder="<?php esc_attr_e( 'Search', 'twentyeleven' ); ?>" />
 		<input type="submit" class="submit" name="submit" id="searchsubmit" value="<?php esc_attr_e( 'Search', 'twentyeleven' ); ?>" />
Index: wp-content/themes/twentyeleven/content-aside.php
===================================================================
--- wp-content/themes/twentyeleven/content-aside.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-aside.php	(working copy)
@@ -39,16 +39,7 @@
 		<?php endif; ?>
 
 		<footer class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 			<?php if ( comments_open() ) : ?>
 			<span class="sep"> | </span>
 			<span class="comments-link"><?php comments_popup_link( __( '<span class="leave-reply">Leave a reply</span>', 'twentyeleven' ), __( '<b>1</b> Reply', 'twentyeleven' ), __( '<b>%</b> Replies', 'twentyeleven' ) ); ?></span>
Index: wp-content/themes/twentyeleven/style.css
===================================================================
--- wp-content/themes/twentyeleven/style.css	(revision 18219)
+++ wp-content/themes/twentyeleven/style.css	(working copy)
@@ -738,6 +738,11 @@
 .entry-meta a {
 	font-weight: bold;
 }
+.single-author .entry-meta .by-author {
+	position: absolute !important;
+	clip: rect(1px 1px 1px 1px); /* IE6, IE7 */
+	clip: rect(1px, 1px, 1px, 1px);
+}
 .entry-content,
 .entry-summary {
 	padding: 1.625em 0 0;
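Review bot: The new `.single-author .entry-meta .by-author` rule has no comment saying what it is for, and the paired `clip` declarations are not self-explanatory. The rule clips the byline out of view rather than removing it, so the author name and author-archive link printed inside the `by-author` span are still in the page source on single-author sites. I would add a comment above the rule such as `/* Visually hide the byline when the site has a single author; the markup is still output */`.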
Index: wp-content/themes/twentyeleven/author.php
===================================================================
--- wp-content/themes/twentyeleven/author.php	(revision 18219)
+++ wp-content/themes/twentyeleven/author.php	(working copy)
@@ -24,7 +24,7 @@
 				?>
 
 				<header class="page-header">
-					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . get_author_posts_url( get_the_author_meta( "ID" ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
+					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . esc_url( get_author_posts_url( get_the_author_meta( "ID" ) ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
 				</header>
 
 				<?php
Index: wp-content/themes/twentyeleven/content-link.php
===================================================================
--- wp-content/themes/twentyeleven/content-link.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-link.php	(working copy)
@@ -39,16 +39,7 @@
 		<?php endif; ?>
 
 		<footer class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 			<?php if ( comments_open() ) : ?>
 			<span class="sep"> | </span>
 			<span class="comments-link"><?php comments_popup_link( __( '<span class="leave-reply">Leave a reply</span>', 'twentyeleven' ), __( '<b>1</b> Reply', 'twentyeleven' ), __( '<b>%</b> Replies', 'twentyeleven' ) ); ?></span>
Index: wp-content/themes/twentyeleven/content-featured.php
===================================================================
--- wp-content/themes/twentyeleven/content-featured.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-featured.php	(working copy)
@@ -14,16 +14,7 @@
 		<h1 class="entry-title"><a href="<?php the_permalink(); ?>" title="<?php printf( esc_attr__( 'Permalink to %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ); ?>" rel="bookmark"><?php the_title(); ?></a></h1>
 
 		<div class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 		</div><!-- .entry-meta -->
 	</header><!-- .entry-header -->
 
@@ -46,7 +37,7 @@
 				/* translators: used between list items, there is a space after the comma */
 				get_the_category_list( __( ', ', 'twentyeleven' ) ),
 				$tag_list,
-				get_permalink(),
+				esc_url( get_permalink() ),
 				the_title_attribute( 'echo=0' )
 			);
 		?>
Index: wp-content/themes/twentyeleven/content.php
===================================================================
--- wp-content/themes/twentyeleven/content.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content.php	(working copy)
@@ -21,16 +21,7 @@
 
 			<?php if ( 'post' == $post->post_type ) : ?>
 			<div class="entry-meta">
-				<?php
-					printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-						get_permalink(),
-						get_the_date( 'c' ),
-						get_the_date(),
-						get_author_posts_url( get_the_author_meta( 'ID' ) ),
-						sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-						get_the_author()
-					);
-				?>
+				<?php twentyeleven_posted_on(); ?>
 			</div><!-- .entry-meta -->
 			<?php endif; ?>
 
Index: wp-content/themes/twentyeleven/header.php
===================================================================
--- wp-content/themes/twentyeleven/header.php	(revision 18219)
+++ wp-content/themes/twentyeleven/header.php	(working copy)
@@ -71,7 +71,7 @@
 <div id="page" class="hfeed">
 	<header id="branding" role="banner">
 			<hgroup>
-				<h1 id="site-title"><span><a href="<?php echo home_url( '/' ); ?>" title="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></span></h1>
+				<h1 id="site-title"><span><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></span></h1>
 				<h2 id="site-description"><?php bloginfo( 'description' ); ?></h2>
 			</hgroup>
 
@@ -80,7 +80,7 @@
 				$header_image = get_header_image();
 				if ( ! empty( $header_image ) ) :
 			?>
-			<a href="<?php echo home_url( '/' ); ?>">
+			<a href="<?php echo esc_url( home_url( '/' ) ); ?>">
 				<?php
 					// The header image
 					// Check if this is a post or page, if it has a thumbnail, and if it's a big one
Index: wp-content/themes/twentyeleven/content-image.php
===================================================================
--- wp-content/themes/twentyeleven/content-image.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-image.php	(working copy)
@@ -32,11 +32,11 @@
 			<?php if ( 'post' == $post->post_type ) : // Hide category and tag text for pages on Search ?>
 			<div class="entry-meta">
 				<?php
-					printf( __( '<a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-						get_permalink(),
+					printf( __( '<a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a></a><span class="by-author"> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span></span>', 'twentyeleven' ),
+						esc_url( get_permalink() ),
 						get_the_date( 'c' ),
 						get_the_date(),
-						get_author_posts_url( get_the_author_meta( 'ID' ) ),
+						esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ),
 						sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
 						get_the_author()
 					);
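Review bot: The rewritten format string closes the permalink anchor twice: `</time></a></a><span class="by-author">` has one `</a>` too many, so a stray end tag goes into the output and into every translation of this string. It should read `</time></a><span class="by-author">`. This template also keeps its own copy of the byline markup, so `get_the_date( 'c' )`, `get_the_date()` and `get_the_author()` stay unescaped here while `twentyeleven_posted_on()` wraps the same values in `esc_attr()` and `esc_html()`. The enclosing `if` block starts and ends outside the hunk.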
Index: wp-content/themes/twentyeleven/content-status.php
===================================================================
--- wp-content/themes/twentyeleven/content-status.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-status.php	(working copy)
@@ -40,16 +40,7 @@
 		<?php endif; ?>
 
 		<footer class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 			<?php if ( comments_open() ) : ?>
 			<span class="sep"> | </span>
 			<span class="comments-link"><?php comments_popup_link( __( '<span class="leave-reply">Leave a reply</span>', 'twentyeleven' ), __( '<b>1</b> Reply', 'twentyeleven' ), __( '<b>%</b> Replies', 'twentyeleven' ) ); ?></span>
Index: wp-content/themes/twentyeleven/content-quote.php
===================================================================
--- wp-content/themes/twentyeleven/content-quote.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-quote.php	(working copy)
@@ -17,16 +17,7 @@
 
 			<?php if ( 'post' == $post->post_type ) : ?>
 			<div class="entry-meta">
-				<?php
-					printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-						get_permalink(),
-						get_the_date( 'c' ),
-						get_the_date(),
-						get_author_posts_url( get_the_author_meta( 'ID' ) ),
-						sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-						get_the_author()
-					);
-				?>
+				<?php twentyeleven_posted_on(); ?>
 			</div><!-- .entry-meta -->
 			<?php endif; ?>
 
Index: wp-content/themes/twentyeleven/content-gallery.php
===================================================================
--- wp-content/themes/twentyeleven/content-gallery.php	(revision 18219)
+++ wp-content/themes/twentyeleven/content-gallery.php	(working copy)
@@ -18,16 +18,7 @@
 		</hgroup>
 
 		<div class="entry-meta">
-			<?php
-				printf( __( '<span class="sep">Posted on </span><a href="%1$s" rel="bookmark"><time class="entry-date" datetime="%2$s" pubdate>%3$s</time></a> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%4$s" title="%5$s" rel="author">%6$s</a></span>', 'twentyeleven' ),
-					get_permalink(),
-					get_the_date( 'c' ),
-					get_the_date(),
-					get_author_posts_url( get_the_author_meta( 'ID' ) ),
-					sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
-					get_the_author()
-				);
-			?>
+			<?php twentyeleven_posted_on(); ?>
 		</div><!-- .entry-meta -->
 	</header><!-- .entry-header -->
 
@@ -54,7 +45,7 @@
 				</figure><!-- .gallery-thumb -->
 
 				<p><em><?php printf( _n( 'This gallery contains <a %1$s>%2$s photo</a>.', 'This gallery contains <a %1$s>%2$s photos</a>.', $total_images, 'twentyeleven' ),
-						'href="' . get_permalink() . '" title="' . sprintf( esc_attr__( 'Permalink to %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) . '" rel="bookmark"',
+						'href="' . esc_url( get_permalink() ) . '" title="' . sprintf( esc_attr__( 'Permalink to %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) . '" rel="bookmark"',
 						number_format_i18n( $total_images )
 					); ?></em></p>
 			<?php endif; ?>
Index: wp-content/themes/twentyeleven/functions.php
===================================================================
--- wp-content/themes/twentyeleven/functions.php	(revision 18219)
+++ wp-content/themes/twentyeleven/functions.php	(working copy)
@@ -300,7 +300,7 @@
 		else
 			$style = ' style="color:#' . get_theme_mod( 'header_textcolor', HEADER_TEXTCOLOR ) . ';"';
 		?>
-		<h1><a id="name"<?php echo $style; ?> onclick="return false;" href="<?php echo home_url( '/' ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
+		<h1><a id="name"<?php echo $style; ?> onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
 		<div id="desc"<?php echo $style; ?>><?php bloginfo( 'description' ); ?></div>
 		<?php $header_image = get_header_image();
 		if ( ! empty( $header_image ) ) : ?>
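Review bot: The `$style` string built on the context line above is echoed into two tags here with the `header_textcolor` theme mod concatenated in unescaped, and this hunk hardens only the `href`. Whether that value is validated when it is saved is not visible from the hunk, so escaping at output is the safer default: `$style = ' style="color:#' . esc_attr( get_theme_mod( 'header_textcolor', HEADER_TEXTCOLOR ) ) . ';"';`. The enclosing function starts and ends outside the hunk.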
@@ -325,7 +325,7 @@
  * Returns a "Continue Reading" link for excerpts
  */
 function twentyeleven_continue_reading_link() {
-	return ' <a href="'. get_permalink() . '">' . __( 'Continue reading <span class="meta-nav">&rarr;</span>', 'twentyeleven' ) . '</a>';
+	return ' <a href="'. esc_url( get_permalink() ) . '">' . __( 'Continue reading <span class="meta-nav">&rarr;</span>', 'twentyeleven' ) . '</a>';
 }
 
 /**
@@ -558,4 +558,38 @@
 			break;
 	endswitch;
 }
-endif; // ends check for twentyeleven_comment()
\ No newline at end of file
+endif; // ends check for twentyeleven_comment()
+
+if ( ! function_exists( 'twentyeleven_posted_on' ) ) :
+/**
+ * Prints HTML with meta information for the current post-date/time and author.
+ *
+ * @since Twenty Eleven 1.0
+ */
+function twentyeleven_posted_on() {
+	printf( __( '<span class="sep">Posted on </span><a href="%1$s" title="%2$s" rel="bookmark"><time class="entry-date" datetime="%3$s" pubdate>%4$s</time></a><span class="by-author"> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="%5$s" title="%6$s" rel="author">%7$s</a></span></span>', 'twentyeleven' ),
+		esc_url( get_permalink() ),
+		esc_attr( get_the_time() ),
+		esc_attr( get_the_date( 'c' ) ),
+		esc_html( get_the_date() ),
+		esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ),
+		sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() ),
+		esc_html( get_the_author() )
+	);
+}
+endif;
+
+/**
+ * Adds Twenty Eleven author class to the array of body classes.
+ *
+ * @since Twenty Eleven 1.0
+ */
+function twentyeleven_author_class( $classes ) {
+
+	if ( ! is_multi_author() ) {
+		$classes[] = 'single-author';
+	}
+	
+	return $classes;
+}
+add_filter( 'body_class', 'twentyeleven_author_class' );
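Review bot: In `twentyeleven_posted_on()` the author-link `title` argument is `sprintf( esc_attr__( 'View all posts by %s', 'twentyeleven' ), get_the_author() )`, which escapes the translated format and then substitutes the raw author name into the attribute. Every other argument in the call is escaped for its context, so this one should be escaped after substitution: `esc_attr( sprintf( __( 'View all posts by %s', 'twentyeleven' ), get_the_author() ) )`. The same argument is left unchanged in the content-image.php hunk. Separately, the docblock of `twentyeleven_author_class()` would benefit from `@param array $classes` and `@return array` lines.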
Index: wp-content/themes/twentyeleven/image.php
===================================================================
--- wp-content/themes/twentyeleven/image.php	(revision 18219)
+++ wp-content/themes/twentyeleven/image.php	(working copy)
@@ -29,10 +29,10 @@
 								printf( __( '<span class="meta-prep meta-prep-entry-date">Published </span> <span class="entry-date"><abbr class="published" title="%1$s">%2$s</abbr></span> at <a href="%3$s" title="Link to full-size image">%4$s &times; %5$s</a> in <a href="%6$s" title="Return to %7$s" rel="gallery">%7$s</a>', 'twentyeleven' ),
 									esc_attr( get_the_time() ),
 									get_the_date(),
-									wp_get_attachment_url(),
+									esc_url( wp_get_attachment_url() ),
 									$metadata['width'],
 									$metadata['height'],
-									get_permalink( $post->post_parent ),
+									esc_url( get_permalink( $post->post_parent ) ),
 									get_the_title( $post->post_parent )
 								);
 							?>
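Review bot: `%7$s` is used both inside `title="Return to %7$s"` and as the link text, and it receives `get_the_title( $post->post_parent )` with no escaping, so a parent title containing a quote or markup ends up inside the attribute. Splitting it into two placeholders lets each value be escaped for its context, for example `esc_attr( strip_tags( get_the_title( $post->post_parent ) ) )` for the attribute and the plain title for the text. `get_the_date()` and the two `$metadata` dimensions are also printed raw in this call. The `printf` sits in a PHP block that opens outside the hunk.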
@@ -69,7 +69,7 @@
 		$next_attachment_url = wp_get_attachment_url();
 	}
 ?>
-								<a href="<?php echo $next_attachment_url; ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><?php
+								<a href="<?php echo esc_url( $next_attachment_url ); ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><?php
 								$attachment_size = apply_filters( 'twentyeleven_attachment_size', 848 );
 								echo wp_get_attachment_image( $post->ID, array( $attachment_size, 1024 ) ); // filterable image width with 1024px limit for image height.
 								?></a>
@@ -92,9 +92,9 @@
 
 					<footer class="entry-meta">
 						<?php if ( comments_open() && pings_open() ) : // Comments and trackbacks open ?>
-							<?php printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyeleven' ), get_trackback_url() ); ?>
+							<?php printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyeleven' ), esc_url( get_trackback_url() ) ); ?>
 						<?php elseif ( ! comments_open() && pings_open() ) : // Only trackbacks open ?>
-							<?php printf( __( 'Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyeleven' ), get_trackback_url() ); ?>
+							<?php printf( __( 'Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyeleven' ), esc_url( get_trackback_url() ) ); ?>
 						<?php elseif ( comments_open() && ! pings_open() ) : // Only comments open ?>
 							<?php _e( 'Trackbacks are closed, but you can <a class="comment-link" href="#respond" title="Post a comment">post a comment</a>.', 'twentyeleven' ); ?>
 						<?php elseif ( ! comments_open() && ! pings_open() ) : // Comments and trackbacks closed ?>
