diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Messages/IndirectSignedResponse.cs b/src/DotNetOpenAuth.OpenId/OpenId/Messages/IndirectSignedResponse.cs
index 8bceb680dc..1242b20f8a 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Messages/IndirectSignedResponse.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Messages/IndirectSignedResponse.cs
@@ -404,8 +404,8 @@ internal IndirectSignedResponse(Version version, Uri relyingPartyReturnTo)
 				IsQuerySubsetOf(this.Recipient.Query, this.ReturnTo.Query),
 				OpenIdStrings.ReturnToParamDoesNotMatchRequestUrl,
 				Protocol.openid.return_to,
-				this.ReturnTo,
-				this.Recipient);
+				this.ReturnTo.AbsoluteUri,
+				this.Recipient.AbsoluteUri);
 		}
 	}
 }
diff --git a/src/DotNetOpenAuth.OpenId/Xrds/XrdsDocument.cs b/src/DotNetOpenAuth.OpenId/Xrds/XrdsDocument.cs
index 0e1ecc176e..a0c59c4b88 100644
--- a/src/DotNetOpenAuth.OpenId/Xrds/XrdsDocument.cs
+++ b/src/DotNetOpenAuth.OpenId/Xrds/XrdsDocument.cs
@@ -54,7 +54,7 @@ public XrdsDocument(XmlReader reader)
 		/// <param name="xml">The text that is the XRDS document.</param>
 		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Fixing would decrease readability, and not likely avoid any finalizer on a StringReader anyway.")]
 		public XrdsDocument(string xml)
-			: this(new XPathDocument(new StringReader(xml)).CreateNavigator()) { }
+			: this(new XPathDocument(XmlReader.Create(new StringReader(xml), MessagingUtilities.CreateUntrustedXmlReaderSettings())).CreateNavigator()) { }
 
 		/// <summary>
 		/// Gets the XRD child elements of the document.