Permalink
Browse files

Fixing an issue with AntiXSS 4.5 issue (actually, specifying non defa…

…ult encoder in the web config).
  • Loading branch information...
1 parent 20aaac4 commit 7d12f315a376a2e527d74c2214612fd154ba051a @ayende ayende committed Apr 4, 2012
Showing with 6 additions and 1 deletion.
  1. +6 −1 Raven.Database/Extensions/MonoHttpEncoder.cs
@@ -107,7 +107,12 @@ static MonoHttpEncoder ()
{
#if NET_4_0
defaultEncoder = new Lazy <MonoHttpEncoder> (() => new MonoHttpEncoder ());
- currentEncoderLazy = new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+ // NOTE: We explicitly removed this line, we use MonoHttpUtility to avoid config issues and App_Start probelms
+ // and we only use this internally for our own stuff, we never want to allow this configuration, and it is
+ // something that we can safely disable
+
+ // new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+ currentEncoderLazy = defaultEncoder;
#else
defaultEncoder = new HttpEncoder ();
currentEncoder = defaultEncoder;

0 comments on commit 7d12f31

Please sign in to comment.