Merge pull request #239 from plausible/escape_strings_in_js

Fixed: single quotes and ampersands would break syntax in JS on WC product pages

Author: Dan0sz

src/Integrations/WooCommerce.php

@@ -163,7 +163,7 @@ public function track_add_to_cart_on_product_page() {
 			plausibleAddToCartForm.classList.add('plausible-event-name=<?php echo str_replace( ' ', '+', $this->event_goals[ 'add-to-cart' ] ); ?>');
 			plausibleAddToCartForm.classList.add('plausible-event-quantity=' + plausibleQuantity.value);
 			plausibleAddToCartForm.classList.add('plausible-event-product_id=<?php echo $product->get_id(); ?>');
-			plausibleAddToCartForm.classList.add('plausible-event-product_name=<?php echo str_replace( ' ', '+', $product->get_name( null ) ); ?>');
+			plausibleAddToCartForm.classList.add('plausible-event-product_name=<?php echo str_replace( [ ' ', '&' ], '+', addslashes( $product->get_name( null ) ) ); ?>');
 			plausibleAddToCartForm.classList.add('plausible-event-price=<?php echo $product->get_price( null ); ?>');
 
 			plausibleQuantity.addEventListener('change', function (e) {