php – Injection inside double quoted section of script element

For a test to find vulnerabilities I found the following code in a page and I am looking for ways to manipulate it:

<script>
    func({
     "key1": "value",
     "object": {
         "key2": "value",
         "key3": "<?php echo htmlspecialchars($_GET('param')); ?>",
         "key4": "value",
     }
    }, "string");
</script>

Document is UTF-8 and default parameters for htmlspecialchars are used so &quot; &lt; &gt; &amp; are converted but ', and newlines are not. htmlspecialchars can cause issues inside a script tag but is it actually possible in this case to escape the double quotes and either inject executable javascript code or manipulate the object by changing or adding keys/values?

What I have tried is to make param have a at the end which escapes the double quote but that just causes a SyntaxError because the line ends after it.

So other than making the entire script fail is there a way?