From cc8d335ab99b92cb4de956209cbdbc7310d5a6d3 Mon Sep 17 00:00:00 2001 From: rahuljain-dev Date: Fri, 17 May 2024 13:06:46 +0530 Subject: [PATCH] WEBUI-1510: Own Code Static Scan : Cross-Site Scripting (XSS) --- .../nuxeo-document-creation-behavior.js | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js b/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js index c03a762215..aaa2001740 100644 --- a/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js +++ b/elements/nuxeo-document-creation/nuxeo-document-creation-behavior.js @@ -20,8 +20,6 @@ import { config } from '@nuxeo/nuxeo-elements'; import { FormatBehavior } from '@nuxeo/nuxeo-ui-elements/nuxeo-format-behavior.js'; import { RoutingBehavior } from '@nuxeo/nuxeo-ui-elements/nuxeo-routing-behavior.js'; -let schemaFetcher = null; - /** * `Nuxeo.DocumentCreationBehavior` * @@ -78,24 +76,34 @@ export const DocumentCreationBehavior = [ subtypes: { type: Array, }, + + _resource: { + type: Object, + readOnly: true, + }, + }, + + get resource() { + if (!this._resource) { + this._set_resource(document.createElement('nuxeo-resource')); + this.shadowRoot.appendChild(this._resource); + } + return this._resource; }, observers: ['_validateLocation(isValidTargetPath,suggesterChildren)', '_updateDocument(selectedDocType, parent)'], newDocument(type, properties) { - if (!schemaFetcher) { - schemaFetcher = document.createElement('nuxeo-resource'); - this.shadowRoot.appendChild(schemaFetcher); - } - schemaFetcher.path = `path/${this.targetPath}/@emptyWithDefault`; - schemaFetcher.params = { type: this.selectedDocType.type }; - schemaFetcher.headers = { + const { resource } = this; + resource.path = `path/${this.targetPath}/@emptyWithDefault`; + resource.params = { type: this.selectedDocType.type }; + resource.headers = { properties: '*', 'fetch-document': 'properties', 'translate-directoryEntry': 'label', }; - schemaFetcher.enrichers = config.get('enrichers', {}); - return schemaFetcher.get().then((doc) => { + resource.enrichers = config.get('enrichers', {}); + return resource.get().then((doc) => { if (properties) { Object.keys(properties).forEach((prop) => { doc.properties[prop] = properties[prop];