From cf7782e08134f8092c6ff76806514405f00d2fb0 Mon Sep 17 00:00:00 2001
From: navya9singh <navyasingh@microsoft.com>
Date: Wed, 29 Jan 2025 13:20:52 -0800
Subject: [PATCH 1/2] Fixing client side cross scripting vulnerability

---
 .../typescriptlang-org/src/templates/play.tsx | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/packages/typescriptlang-org/src/templates/play.tsx b/packages/typescriptlang-org/src/templates/play.tsx
index a771c49c6fb2..135949664c58 100644
--- a/packages/typescriptlang-org/src/templates/play.tsx
+++ b/packages/typescriptlang-org/src/templates/play.tsx
@@ -111,7 +111,30 @@ const Play: React.FC<Props> = (props) => {
           div.style.webkitAnimation = ""
         })
 
-        document.getElementById("loading-message")!.innerHTML = `This version of TypeScript <em>(${tsVersion?.replace(/</g, "-")})</em><br/>has not been prepared for the Playground<br/><br/>Try <a href='/play?ts=${latestRelease}${document.location.hash}'>${latestRelease}</a> or <a href="/play?ts=next${document.location.hash}">Nightly</a>`
+        const loadingMessage = document.getElementById("loading-message")!
+        loadingMessage.textContent = ""
+
+        const em = document.createElement("em")
+        em.textContent = `(${tsVersion?.replace(/</g, "-")})`
+
+        const latestReleaseLink = document.createElement('a');
+        latestReleaseLink.href = `/play?ts=${latestRelease}${document.location.hash}`;
+        latestReleaseLink.textContent = latestRelease;
+
+        const nightlyLink = document.createElement('a');
+        nightlyLink.href = `/play?ts=next${document.location.hash}`;
+        nightlyLink.textContent = 'Nightly';
+
+        loadingMessage.appendChild(document.createTextNode("This version of TypeScript "))
+        loadingMessage.appendChild(em)
+        loadingMessage.appendChild(document.createElement("br"))
+        loadingMessage.appendChild(document.createTextNode("has not been prepared for the Playground"))
+        loadingMessage.appendChild(document.createElement("br"))
+        loadingMessage.appendChild(document.createElement("br"))
+        loadingMessage.appendChild(document.createTextNode("Try "))
+        loadingMessage.appendChild(latestReleaseLink)
+        loadingMessage.appendChild(document.createTextNode(" or "))
+        loadingMessage.appendChild(nightlyLink)
         return
       }
 

From 477162f97187e76fb44355b55c031173703fe868 Mon Sep 17 00:00:00 2001
From: navya9singh <navyasingh@microsoft.com>
Date: Wed, 29 Jan 2025 16:29:33 -0800
Subject: [PATCH 2/2] removing replace

---
 packages/typescriptlang-org/src/templates/play.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/typescriptlang-org/src/templates/play.tsx b/packages/typescriptlang-org/src/templates/play.tsx
index 135949664c58..d22b956618ad 100644
--- a/packages/typescriptlang-org/src/templates/play.tsx
+++ b/packages/typescriptlang-org/src/templates/play.tsx
@@ -115,7 +115,7 @@ const Play: React.FC<Props> = (props) => {
         loadingMessage.textContent = ""
 
         const em = document.createElement("em")
-        em.textContent = `(${tsVersion?.replace(/</g, "-")})`
+        em.textContent = `(${tsVersion})`
 
         const latestReleaseLink = document.createElement('a');
         latestReleaseLink.href = `/play?ts=${latestRelease}${document.location.hash}`;