
Unescaped ` in popup #1640

@gutjuri

Description


Describe the bug
The character ` is not properly escaped in popup texts. This leads to the non-rendering of every map that contains such a popup. Additionally, this is a potential vulnerability, as it might allow HTML code to be injected into the browser (however, I didn't investigate this further).

To Reproduce

import folium

m = folium.Map(location=[48.7758459, 9.1829321], zoom_start=8)
folium.CircleMarker((48.7758459, 9.1829321), radius=1, popup="ayy`lmao").add_to(m)
folium.LayerControl().add_to(m)
m.save("test.html")

Viewing the resulting test.html gives me the following error in the Browser (Firefox):

Uncaught SyntaxError: missing ) after argument list test.html:74:154

The corresponding test.html:74:154:

var html_6e374539406378d61899620dc56b22de = $(`<div id="html_6e374539406378d61899620dc56b22de" style="width: 100.0%; height: 100.0%;">ayy`lmao</div>`)[0];

As you see, the "ayy`lmao" is not properly escaped. I'd imagine that this could lead to all sorts of injection attacks, however I didn't investigate this further.

Expected behavior
` is escaped properly.

Environment (please complete the following information):

  • Browser firefox
  • HTML
  • python sys.version_info(major=3, minor=10, micro=6, releaselevel='final', serial=0)
  • folium 0.13.0
  • branca 0.5.0

folium is maintained by volunteers. Can you help making a fix for this issue?

Yes, but only in a week or so. If a fix is needed more quickly, I cannot help.

Best regards, Juri
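The generated line quoted in the report interpolates the popup HTML straight into a JavaScript template literal (the `` $(`...`) `` call), so a backtick in the popup terminates the literal early, which is the `missing ) after argument list` error. The following is an added example, not folium's or branca's own code, showing the escaping such a template-literal context needs: the backslash, the backtick, the `${` substitution opener and, because the script is emitted inline in the saved HTML, the `</` sequence that could otherwise end the `<script>` element. The `div_id`/`inner_html` parameters of `render_popup_js` are assumptions that mirror the shape of the quoted line, not folium's real API.

```python
import re

# Sequences with special meaning inside a JS template literal, plus "</" for
# scripts embedded inline in HTML (where "</script" ends the script element).
#   \    starts an escape sequence
#   `    terminates the literal
#   ${   opens a substitution
#   </   may begin "</script>" and break out of the inline script
_TEMPLATE_SPECIALS = re.compile(r"\\|`|\$\{|</")
_REPLACEMENTS = {"\\": "\\\\", "`": "\\`", "${": "\\${", "</": "<\\/"}


def escape_js_template_literal(text: str) -> str:
    """Return text that is safe to place between backticks in JavaScript.

    Every escape emitted here (\\\\, \\`, \\$, \\/) is a valid template-literal
    escape, so the JS engine decodes the result to exactly the original text.
    """
    return _TEMPLATE_SPECIALS.sub(lambda m: _REPLACEMENTS[m.group(0)], text)


def decode_js_template_literal(src: str) -> str:
    """Simulate how JS decodes the escapes produced by escape_js_template_literal.

    Only the backslash escapes emitted above are handled (backslash + next char
    yields that char); it is a round-trip check, not a general JS parser.
    """
    out = []
    i = 0
    while i < len(src):
        if src[i] == "\\" and i + 1 < len(src):
            out.append(src[i + 1])
            i += 2
        else:
            out.append(src[i])
            i += 1
    return "".join(out)


def render_popup_js(div_id: str, inner_html: str) -> str:
    """Build a line shaped like the one quoted in the report, with the popup
    content escaped for the template literal. Hypothetical helper, not folium's."""
    escaped = escape_js_template_literal(inner_html)
    return (
        f'var html_{div_id} = $(`<div id="html_{div_id}" '
        f'style="width: 100.0%; height: 100.0%;">{escaped}</div>`)[0];'
    )


if __name__ == "__main__":
    # Constructed sample matching the reproducer in the report.
    print(render_popup_js("6e374539406378d61899620dc56b22de", "ayy`lmao"))
```

Note that this only makes the string a well-formed JavaScript literal; the popup is still rendered as HTML by design, so any HTML-level sanitisation of untrusted popup content is a separate concern.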
