From 199206849a87ddd0fa5cf674eb3c58292fd8366c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Ausw=C3=B6ger?= <martin@auswoeger.com>
Date: Thu, 5 May 2022 08:32:15 +0200
Subject: [PATCH] Merge pull request from GHSA-m8x6-6r63-qvj2

---
 core-bundle/src/Resources/contao/pages/PageRegular.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core-bundle/src/Resources/contao/pages/PageRegular.php b/core-bundle/src/Resources/contao/pages/PageRegular.php
index c0e20167c7f..00cf842b9cf 100644
--- a/core-bundle/src/Resources/contao/pages/PageRegular.php
+++ b/core-bundle/src/Resources/contao/pages/PageRegular.php
@@ -230,12 +230,12 @@ protected function prepare($objPage)
 		$this->Template->pageTitle = str_replace('[-]', '', $this->Template->pageTitle);
 
 		// Meta robots tag
-		$this->Template->robots = $headBag->getMetaRobots();
+		$this->Template->robots = htmlspecialchars($headBag->getMetaRobots());
 
 		// Canonical
 		if ($objPage->enableCanonical)
 		{
-			$this->Template->canonical = $headBag->getCanonicalUriForRequest($request);
+			$this->Template->canonical = htmlspecialchars($headBag->getCanonicalUriForRequest($request));
 		}
 
 		// Fall back to the default title tag