- Issue created by @kyoder
- Merge request !2: Issue #3488731: Prevent links from being injected into facets (Open), created by kyoder
Links can be injected into facets via query string. This is a result of the call to filter_xss in adapter.inc being left at its default settings, which allows for the anchor tag. I propose simply passing an empty array to the second parameter of filter_xss.

$parts[$id] = htmlspecialchars_decode(filter_xss($part));
would become
$parts[$id] = htmlspecialchars_decode(filter_xss($part, []));
Active
1.10
Code
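The difference between the two calls quoted in the issue, as an added example that is not part of the original issue or the module's code. It assumes a hypothetical stand-in, `filter_xss_standin()`, that models only the allowed-tags argument of Drupal 7's `filter_xss()` via `strip_tags()`; the helper names and the facet values are constructed for illustration.

```php
<?php
// Added illustration, not Facet API code. filter_xss_standin() is a hypothetical
// stand-in that models only the allowed-tags argument of Drupal 7's filter_xss()
// using strip_tags(); it does not reproduce attribute or protocol filtering.

// Default allowed tags of Drupal 7's filter_xss().
const DEFAULT_ALLOWED_TAGS = ['a', 'em', 'strong', 'cite', 'blockquote', 'code',
  'ul', 'ol', 'li', 'dl', 'dt', 'dd'];

function filter_xss_standin(string $string, array $allowed_tags = DEFAULT_ALLOWED_TAGS): string {
  $allow = $allowed_tags ? '<' . implode('><', $allowed_tags) . '>' : '';
  return strip_tags($string, $allow);
}

// Mirrors the line quoted in the issue; $strict selects the proposed call.
function clean_parts(array $parts, bool $strict): array {
  foreach ($parts as $id => $part) {
    $filtered = $strict ? filter_xss_standin($part, []) : filter_xss_standin($part);
    $parts[$id] = htmlspecialchars_decode($filtered);
  }
  return $parts;
}

// Regression check: TRUE if any part still contains an HTML tag.
function has_markup(array $parts): bool {
  foreach ($parts as $part) {
    if ($part !== strip_tags($part)) {
      return TRUE;
    }
  }
  return FALSE;
}

// Constructed facet values as they might arrive from a query string.
$parts = [
  'plain' => 'category:books',
  'link' => 'category:<a href="https://example.test/">books</a>',
  'script' => 'category:<script>alert(1)</script>books',
];

foreach (['current' => FALSE, 'proposed' => TRUE] as $label => $strict) {
  $clean = clean_parts($parts, $strict);
  printf("%s call, markup survives: %s\n", $label, has_markup($clean) ? 'yes' : 'no');
  foreach ($clean as $id => $value) {
    printf("  %-6s %s\n", $id, $value);
  }
}
```

A check like `has_markup()` can back a regression test for the change: with the default tag list the anchor in the `link` value is kept, and with an empty list every value comes back as plain text.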