Fixing bug: Unsafe HTML constructed from library input (#3312)

Author: navya9singh

packages/playground/src/index.ts

@@ -284,7 +284,10 @@ export const setupPlayground = (
 
   // Set up the label for the dropdown
   const versionButton = document.querySelectorAll("#versions > a").item(0)
-  versionButton.innerHTML = "v" + sandbox.ts.version + " <span class='caret'/>"
+  versionButton.textContent = "v" + sandbox.ts.version + " "
+  const caret = document.createElement("spam")
+  caret.classList.add("caret")
+  versionButton.appendChild(caret)
   versionButton.setAttribute("aria-label", `Select version of TypeScript, currently ${sandbox.ts.version}`)
 
   // Add the versions to the dropdown