Fixing an issue with AntiXSS 4.5 issue (actually, specifying non defa…

…ult encoder in the web config).
ravendb · Apr 4, 2012 · 7d12f31 · 7d12f31
1 parent 20aaac4
commit 7d12f31
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/Raven.Database/Extensions/MonoHttpEncoder.cs b/Raven.Database/Extensions/MonoHttpEncoder.cs
@@ -107,7 +107,12 @@ static MonoHttpEncoder ()
 		{
 #if NET_4_0
 			defaultEncoder = new Lazy <MonoHttpEncoder> (() => new MonoHttpEncoder ());
-			currentEncoderLazy = new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+			// NOTE: We explicitly removed this line, we use MonoHttpUtility to avoid config issues and App_Start probelms
+			// and we only use this internally for our own stuff, we never want to allow this configuration, and it is
+			// something that we can safely disable
+
+			// new Lazy <MonoHttpEncoder> (new Func <MonoHttpEncoder> (GetCustomEncoderFromConfig));
+			currentEncoderLazy = defaultEncoder;
 #else
 			defaultEncoder = new HttpEncoder ();
 			currentEncoder = defaultEncoder;