diff --git a/build/importTypescript.ts b/build/importTypescript.ts
index 14035727..84b7edc8 100644
--- a/build/importTypescript.ts
+++ b/build/importTypescript.ts
@@ -37,10 +37,15 @@ export const typescriptVersion = "${typeScriptDependencyVersion}";\n`
 
 	let tsServices = fs.readFileSync(path.join(TYPESCRIPT_LIB_SOURCE, 'typescript.js')).toString();
 
-	tsServices = tsServices.replace(
-		'const path = matchedStar ? subst.replace("*", matchedStar) : subst;',
-		'const path = matchedStar ? subst.replace("*", matchedStar) : subst; // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
-	);
+	tsServices = tsServices
+		.replace(
+			'const path = matchedStar ? subst.replace("*", matchedStar) : subst;',
+			'const path = matchedStar ? subst.replace("*", matchedStar) : subst; // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
+		)
+		.replace(
+			'return key.replace("*", matchedStar);',
+			'return key.replace("*", matchedStar); // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
+		);
 
 	// The output from this build will only be accessible via ESM; rather than removing
 	// references to require/module, define them as dummy variables that bundlers will ignore.
diff --git a/src/language/typescript/lib/typescriptServices.js b/src/language/typescript/lib/typescriptServices.js
index e8d06368..4a26445e 100644
--- a/src/language/typescript/lib/typescriptServices.js
+++ b/src/language/typescript/lib/typescriptServices.js
@@ -44626,7 +44626,7 @@ ${lanes.join("\n")}
           for (const { ending, value } of candidates) {
             if (value.length >= prefix.length + suffix.length && startsWith(value, prefix) && endsWith(value, suffix) && validateEnding({ ending, value })) {
               const matchedStar = value.substring(prefix.length, value.length - suffix.length);
-              return key.replace("*", matchedStar);
+              return key.replace("*", matchedStar); // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler
             }
           }
         } else if (some(candidates, (c) => c.ending !== 0 /* Minimal */ && pattern === c.value) || some(candidates, (c) => c.ending === 0 /* Minimal */ && pattern === c.value && validateEnding(c))) {
diff --git a/website/src/runner/index.ts b/website/src/runner/index.ts
index 97776901..aaedd7e5 100644
--- a/website/src/runner/index.ts
+++ b/website/src/runner/index.ts
@@ -46,7 +46,7 @@ async function initialize(state: IPreviewState) {
 
 	const style = document.createElement("style");
 	style.id = "custom-style";
-	style.innerHTML = state.css;
+	style.innerHTML = state.css; // CodeQL [SM03712] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground.
 	document.body.appendChild(style);
 
 	document.body.innerHTML += state.html;