diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..36c0c249afd222a5a68ab19e3f2614ef8503aca5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,36 @@
+composer.json
+composer.lock
+CONTRIBUTING.md
+COPYING
+LICENSE
+package-lock.json
+package.json
+README.org
+SECURITY.md
+TESTING.md
+webpack.config.js
+attributemap/
+bin/
+cert/
+config-templates/
+config/
+dictionaries/
+docs/
+extra/
+lib/
+locales/
+log/
+metadata-templates/
+metadata/
+modules/
+phpcs.xml
+phpunit.xml
+routing/
+schemas/
+src/
+templates/
+tests/
+vendor/
+www/
+
+
diff --git a/modules/customauth/templates/authenticate.tpl.php b/modules/customauth/templates/authenticate.tpl.php
index 328e80ade2be3329a3333bd5793181c889bc7677..dad7cd1e441499d754d10f383d31fb7a1ef52ba0 100644
--- a/modules/customauth/templates/authenticate.tpl.php
+++ b/modules/customauth/templates/authenticate.tpl.php
@@ -99,7 +99,7 @@
         user = this.value;
         for (let key in users[user]) {
             attribute = users[user][key];
-            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + " value='" + users[user][key] + "'><span title=\"" + message[key] + "\">" + key + "</span><br>\n";
+            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + " value='" + users[user][key] + "'><span title='" + message[key] + "'>" + key + "</span><br>\n";
         };
 	$('#explanation').html(explanations[user]);
         $('#attributes').html(attributes);
diff --git a/modules/customauth/www/authpage.php b/modules/customauth/www/authpage.php
index e73f543d162105bc49fe4315867166c853d8e96c..6487068c19656dd9a24583a8cc52d0275ec8ec43 100644
--- a/modules/customauth/www/authpage.php
+++ b/modules/customauth/www/authpage.php
@@ -37,7 +37,10 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
 
 // our list of users.
 $raw_users = json_decode(file_get_contents('/opt/simplesamlphp/config/logins.json'), true);
-$attributes = json_decode(file_get_contents('/opt/simplesamlphp/config/attributes.json'), true);
+$attr_raw = json_decode(file_get_contents('/opt/simplesamlphp/config/attributes.json'), true);
+foreach($attr_raw as $attribute => $value) {
+  $attributes[$attribute] = htmlentities($value, ENT_QUOTES);
+}
 
 $users = [];
 $explanations = [];