Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Comments

  • edited May 17 Chrome

    What are you expect to see?
    Of course it will display text instead of parsed HTML.
    XSS, my friend. Only textContent. No exclusions.

    So if you wanna see your image, you have to replace in function generateDlLink

    el.textContent = `⬇ ${fmt_name}`;
    with
    el.innerHTML = '<img src="//cdn6.aptoide.com/imgs/f/3/3/f332882c38a4855e6b51db18aede9c0e_icon.png?w=120">'
    or even better with
    el.appendChild(new Image).src = '//cdn6.aptoide.com/imgs/f/3/3/f332882c38a4855e6b51db18aede9c0e_icon.png?w=20';
    
  • edited May 25 Chrome

    .

  • Me too. What are you want to get?

  • edited May 25 Chrome

    .

  • You have to replace

    el.textContent = `⬇ ${fmt_name}`;
    

    with

    el.appendChild(new Image).src = '//cdn6.aptoide.com/imgs/f/3/3/f332882c38a4855e6b51db18aede9c0e_icon.png?w=20';
    
  • edited May 25 Chrome

    .

Sign In or Register to comment.