Ensure that keywords are escaped within a spree_analytics call

Thanks to Michael Bianco from Ascension Press for bringing this to our attention

dash/app/helpers/spree/analytics_helper.rb

@@ -2,7 +2,7 @@ module Spree
   module AnalyticsHelper
 
     def spree_analytics
-      render :partial => 'analytics/header'
+      render :partial => 'spree/analytics/header'
     end
 
     def analytics_tags
@@ -31,7 +31,7 @@ def taxon_analytics_tags
 
     def keywords_analytics_tags
       return {} unless params[:keywords]
-      { :search => { :keyword => params[:keywords] } }
+      { :search => { :keyword => u(params[:keywords]) } }
     end
 
     def cart_analytics_tags

dash/spec/helpers/spree/analytics_helper_spec.rb

@@ -31,7 +31,9 @@ module Spree
                         :ship_total => "22.99",
                         :tax_total => "4.99",
                         :adjustment_total => "0.00",
-                        :item_total => "1.99")
+                        :item_total => "1.99",
+                        :cart? => false,
+                        :complete? => false)
 
       end
 
@@ -56,6 +58,16 @@ module Spree
         tags[:search][:keyword].should eq "rails"
       end
 
+      it "escapes keywords" do
+        Spree::Dash::Config.app_id = "test"
+        Spree::Dash::Config.token = "test"
+        Spree::Dash::Config.site_id " test"
+        params[:keywords] = "\"funny><looking><keywords"
+        tags = helper.spree_analytics
+        tags.should_not include("funny><looking><keywords")
+        tags.should include("%22funny%3E%3Clooking%3E%3Ckeywords")
+      end
+
       it "for cart" do
         @order.should_receive(:cart?).and_return(true)
         assign :order, @order