v4.3.1
4.3.1 (2020-03-06)
This version fixes a Cross-Site Scripting (XSS) vulnerability (#4344) when using the `refinementList` widget when relying on its default `item` template and routing. We recommend all users to upgrade to this version.

We now escape the `refinementList` `item` template by default, which prevents HTML from being injected. If you were relying on this behavior, which we do not recommend, you can copy the previous `item` template into your widget.

You were not vulnerable to this XSS if:
- You didn't use routing
- You didn't use the `refinementList` widget (`connectRefinementList` is not subject to this issue)
- You used a custom `item` template for your `refinementList` widget that does not rely on the triple-brace Hogan.js syntax (e.g., `{{{highlighted}}}`)
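
The difference between the triple-brace and double-brace forms, as an added example that is not part of the original release notes or the InstantSearch.js code base. `render` is a minimal stand-in for Mustache-style variable tags (not Hogan.js itself), the templates and the refinement value are constructed, and `findUnescapedTags` is a hypothetical helper for auditing custom `item` templates.

```javascript
// Added example. render() is a minimal stand-in for Mustache-style variable
// tags, not Hogan.js: {{name}} is HTML-escaped, {{{name}}} and {{& name}} are raw.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Group 1: {{{name}}}, group 2: {{& name}}, group 3: {{name}}
const TAG = /\{\{\{\s*([\w.]+)\s*\}\}\}|\{\{&\s*([\w.]+)\s*\}\}|\{\{\s*([\w.]+)\s*\}\}/g;

function render(template, data) {
  return template.replace(TAG, (match, triple, amp, escaped) => {
    const rawName = triple || amp;
    // Unescaped forms: the value is written into the markup as-is
    if (rawName !== undefined) return String(data[rawName] ?? '');
    // Escaped form: HTML metacharacters become entities
    return escapeHtml(data[escaped] ?? '');
  });
}

// Hypothetical audit helper: returns the unescaped tags found in a template
function findUnescapedTags(template) {
  return [...template.matchAll(TAG)]
    .filter((m) => m[1] !== undefined || m[2] !== undefined)
    .map((m) => m[0]);
}

// Constructed templates; the value stands in for a refinement read from the URL
const rawTemplate = '<span class="label">{{{highlighted}}}</span> ({{count}})';
const escapedTemplate = '<span class="label">{{highlighted}}</span> ({{count}})';
const item = { highlighted: '<img src=x onerror=alert(1)>', count: 3 };

console.log(render(rawTemplate, item));      // markup reaches the page as HTML
console.log(render(escapedTemplate, item));  // markup is shown as text
console.log(findUnescapedTags(rawTemplate)); // tags to review in a custom template
```

Running `findUnescapedTags` over each custom `item` template string in a code base gives the list of tags to check against the third condition above.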