If simpleSAMLphp is configured with a attribute hook that creates
attribute values containing associative arrays, and is displaying
attributes from an untrusted IdP, it can lead to cross-site scripting.

(Note that the feature allowing for attribute values with associative
arrays is believed to be unused, and will be removed in a future
release.)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2434 44740490-163a-0410-bde0-09ae8108e29a