IdentityPython / djangosaml2

Django SAML2 Service Provider based on pySAML2
Apache License 2.0

Fix XSS in the idp url parameter #368

Closed brianvans closed 1 year ago

brianvans commented 1 year ago

This PR fixes an XSS issue in the login view where arbitrary input from the idp parameter can end up in the resulting HTML unescaped.

peppelinux commented 1 year ago

Hi @brianvans

It looks very good, and sorry for the late answer! I just ask you to add a small change before approving, merging and having a new release.

If you can't do that soon, I can do it, just tell me.