From 7d12f315a376a2e527d74c2214612fd154ba051a Mon Sep 17 00:00:00 2001
From: Ayende Rahien <ayende@ayende.com>
Date: Wed, 4 Apr 2012 14:15:56 +0300
Subject: [PATCH] Fixing an issue with AntiXSS 4.5 issue (actually, specifying
 non default encoder in the web config).

---
 Raven.Database/Extensions/MonoHttpEncoder.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Raven.Database/Extensions/MonoHttpEncoder.cs b/Raven.Database/Extensions/MonoHttpEncoder.cs
index e192caf0af81..4fb0095bc361 100644
--- a/Raven.Database/Extensions/MonoHttpEncoder.cs
+++ b/Raven.Database/Extensions/MonoHttpEncoder.cs
@@ -107,7 +107,12 @@ static MonoHttpEncoder ()
 		{
 #if NET_4_0
 			defaultEncoder = new Lazy <MonoHttpEncoder> (() => new MonoHttpEncoder ());
-			currentEncoderLazy = new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+			// NOTE: We explicitly removed this line, we use MonoHttpUtility to avoid config issues and App_Start probelms
+			// and we only use this internally for our own stuff, we never want to allow this configuration, and it is
+			// something that we can safely disable
+
+			// new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+			currentEncoderLazy = defaultEncoder;
 #else
 			defaultEncoder = new HttpEncoder ();
 			currentEncoder = defaultEncoder;