From e1ff6328d6a1c8449826c1dd13f4aca30ca5e24a Mon Sep 17 00:00:00 2001
From: rahuljain-dev <rahul.jain@contractors.onbase.com>
Date: Thu, 16 May 2024 16:31:10 +0530
Subject: [PATCH] WEBUI-1510: Own Code Static Scan : Cross-Site Scripting (XSS)

---
 .../nuxeo-document-creation-behavior.js                     | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js b/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js
index 81b6e9fa45..4ccda1aa15 100644
--- a/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js
+++ b/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js
@@ -84,10 +84,8 @@ export const DocumentCreationBehavior = [
 
     newDocument(type, properties) {
       if (!schemaFetcher) {
-        schemaFetcher = document.createElement('div');
-        schemaFetcher.innerHTML = '<nuxeo-resource></nuxeo-resource>';
-        this.shadowRoot.appendChild(schemaFetcher);
-        [schemaFetcher] = schemaFetcher.getElementsByTagName('nuxeo-resource');
+        schemaFetcher = document.createElement('nuxeo-resource');
+        document.body.appendChild(schemaFetcher);
       }
       schemaFetcher.path = `path/${this.targetPath}/@emptyWithDefault`;
       schemaFetcher.params = { type: this.selectedDocType.type };