From f99ce76ef591a2f2fe77da3a46d29bcb78557158 Mon Sep 17 00:00:00 2001
From: Joris
Date: Thu, 24 Jan 2019 13:52:21 +0100
Subject: [PATCH] prevent xss javascript injection through facet values
---
 helpers/SolrSearch_Helpers_Facet.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helpers/SolrSearch_Helpers_Facet.php b/helpers/SolrSearch_Helpers_Facet.php
index d77c6d07..78731414 100644
--- a/helpers/SolrSearch_Helpers_Facet.php
+++ b/helpers/SolrSearch_Helpers_Facet.php
@@ -31,7 +31,7 @@ public static function parseFacets()
 // Collapse into an array of pairs.
 foreach ($matches['field'] as $i => $field) {
- $facets[] = array($field, $matches['value'][$i]);
+ $facets[] = array($field, htmlspecialchars(strip_tags($matches['value'][$i])));
 }
 }
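Review bot: The added `htmlspecialchars(strip_tags(...))` call in `parseFacets()` escapes the facet value where it is parsed rather than where it is printed, and it relies on the default flags, which before PHP 8.1 leave single quotes unescaped. If the returned pairs are also used to build the Solr filter query or facet URLs (the callers are outside this hunk, so this needs confirming), a value such as `Smith & Sons` (constructed example) would be passed on as `Smith &amp; Sons` and stop matching, and `strip_tags` would silently drop text that follows a literal `<`. I would keep the raw value here and escape at each output site with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; if the escaping has to stay on this line, at least pass those flags explicitly. `$field` from the same match is stored unescaped, so it is worth checking that the pattern above the hunk restricts it to safe characters. The body of `parseFacets()` starts and ends outside the hunk.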