diff --git a/Gemfile b/Gemfile
index 8b44b54e22c0cacaa9d80462026bc194ff64bc06..14522d91ed0299ec4c4f978b760447d98953bd63 100644
--- a/Gemfile
+++ b/Gemfile
@@ -77,7 +77,7 @@ gem 'rack-cors',    '~> 0.4.0', require: 'rack/cors'
 gem 'kaminari', '~> 0.17.0'
 
 # HAML
-gem 'hamlit', '~> 2.5'
+gem 'hamlit', '~> 2.6.1'
 
 # Files attachments
 gem 'carrierwave', '~> 0.10.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2244c20203b966dcafc6e066fea11e64cc1ba93c..cab94294dc1caecc1e450b18e8ce1d9008de66c3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -321,7 +321,7 @@ GEM
     grape-entity (0.4.8)
       activesupport
       multi_json (>= 1.3.2)
-    hamlit (2.5.0)
+    hamlit (2.6.1)
       temple (~> 0.7.6)
       thor
       tilt
@@ -863,7 +863,7 @@ DEPENDENCIES
   gon (~> 6.1.0)
   grape (~> 0.15.0)
   grape-entity (~> 0.4.2)
-  hamlit (~> 2.5)
+  hamlit (~> 2.6.1)
   health_check (~> 2.1.0)
   hipchat (~> 1.5.0)
   html-pipeline (~> 1.11.0)
diff --git a/spec/helpers/page_layout_helper_spec.rb b/spec/helpers/page_layout_helper_spec.rb
index cf632f594c74e37dcf7164174ea267da3a18b63c..dc07657e101354d98fd46db4c59776f18656dfb9 100644
--- a/spec/helpers/page_layout_helper_spec.rb
+++ b/spec/helpers/page_layout_helper_spec.rb
@@ -97,5 +97,14 @@
         expect(tags).to include %q(<meta property="twitter:data1" content="bar" />)
       end
     end
+
+    it 'escapes content' do
+      allow(helper).to receive(:page_card_attributes)
+        .and_return(foo: %q{foo" http-equiv="refresh}.html_safe)
+
+      tags = helper.page_card_meta_tags
+
+      expect(tags).to include(%q{content="foo&quot; http-equiv=&quot;refresh"})
+    end
   end
 end
diff --git a/spec/views/layouts/_head.html.haml_spec.rb b/spec/views/layouts/_head.html.haml_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..3fddfb3b62f491b46f82fa30e03ca1809fe9bb80
--- /dev/null
+++ b/spec/views/layouts/_head.html.haml_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'layouts/_head' do
+  before do
+    stub_template 'layouts/_user_styles.html.haml' => ''
+  end
+
+  it 'escapes HTML-safe strings in page_title' do
+    stub_helper_with_safe_string(:page_title)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  it 'escapes HTML-safe strings in page_description' do
+    stub_helper_with_safe_string(:page_description)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  it 'escapes HTML-safe strings in page_image' do
+    stub_helper_with_safe_string(:page_image)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  def stub_helper_with_safe_string(method)
+    allow_any_instance_of(PageLayoutHelper).to receive(method)
+      .and_return(%q{foo" http-equiv="refresh}.html_safe)
+  end
+end