yusukebe
Hi,

Firstly, thank you for the great project.

In this PR, I've implemented the escaping of a single quote (0x27) to `&#x27;`. This modification will prevent the potential execution of scripts, as illustrated below:

```jsx
const value = "alert('bar!')";
return <div onMouseOver={value}>foo</div>;
```

changeset-bot bot commented Aug 13, 2023

🦋 Changeset detected

Latest commit: 345fcc7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name | Type
preact-render-to-string | Major

@marvinhagemeister (Member)

FYI: This is a breaking change. A good chunk of users from the Fresh framework depend on this working.

@yusukebe (Author)

Hi @marvinhagemeister,

I'm aware that Preact is used for Fresh, and I am a fan of it. Indeed, this change introduces a breaking change that could have a significant impact. I believe it would be best to include this change when this package is released with a major version upgrade.
