You should use esc_html() as the way you are using wp_specialchars() is vulnerable to XSS.