Escape meta attributes to avoid XSS injection

templates/partials/meta.php

@@ -1,9 +1,9 @@
 <?php foreach ($page->metadata() as $meta): ?>
 <?php if ($meta->isCharset()): ?>
-    <meta charset="<?= $meta->content() ?>">
-<?php elseif ($meta->isHTTPEquiv()): ?>
-    <meta http-equiv="<?= $meta->name() ?>" content="<?= $meta->content() ?>">
+    <meta charset="<?= $this->escapeAttr($meta->content()) ?>">
+<?php elseif ($meta->isHTTPEquiv()) : ?>
+    <meta http-equiv="<?= $this->escapeAttr($meta->name()) ?>" content="<?= $this->escapeAttr($meta->content()) ?>">
 <?php else: ?>
-    <meta <?= $meta->prefix() === 'og' ? 'property' : 'name' ?>="<?= $meta->name() ?>" content="<?= $meta->content() ?>">
+    <meta <?= $meta->prefix() === 'og' ? 'property' : 'name' ?>="<?= $this->escapeAttr($meta->name()) ?>" content="<?= $this->escapeAttr($meta->content()) ?>">
 <?php endif; ?>
 <?php endforeach; ?>