How I found a TypeScript public playground XSS exploit
In 2021, I was playing around with the online TypeScript sandbox, when I discovered a weird issue. When trying to write XML to the terminal, it instead of showing me the string representation, it was actually executing it. While it makes sense for a code sandbox to execute the code you input, it is important it stays within the sandbox, as the sandbox has the proper restrictions put on the…