
Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization#4

Draft
Xenonesis wants to merge 1 commit into main from alert-autofix-5

Conversation

@Xenonesis
Owner

Potential fix for https://github.com/Xenonesis/Budget-Buddy/security/code-scanning/4

To fix the problem, the code should parse the URL and check if the hostname is exactly 'ui-avatars.com' (or matches an allowed list of hosts). The fix involves replacing the substring check on line 82 with a more robust check: parsing target.src using the built-in URL class and comparing .hostname with 'ui-avatars.com'. No change in intended fallback functionality will occur, but the check is now precise. The relevant code change is in components/ui/team.tsx, specifically the onError handler in the <img ... /> element. No new dependencies are needed, as the WHATWG URL class is globally available in modern browsers.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

… sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
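The hostname comparison the PR description calls for, as an added example that is not part of this PR or of the Budget-Buddy code base: the substring check that the "Incomplete URL substring sanitization" alert fires on, next to a replacement that parses the source with the WHATWG URL class and compares the exact hostname, both run over constructed sample inputs. The function names, the sample URLs and the http(s) scheme check are this example's own assumptions; the project's actual onError handler in components/ui/team.tsx is not reproduced here.

```typescript
// Added example, not code from the Budget-Buddy repository or from the PR.
// Contrasts the substring check CodeQL flags as "Incomplete URL substring
// sanitization" with the hostname check the PR description proposes.
// Function names, sample URLs and the scheme check are this example's own.

const ALLOWED_AVATAR_HOSTS: ReadonlySet<string> = new Set(["ui-avatars.com"]);

// Before: the pattern the alert fires on. Any string that merely contains
// "ui-avatars.com" passes, whether it sits in the host, path, query or userinfo.
function isAvatarHostWeak(src: string): boolean {
  return src.includes("ui-avatars.com");
}

// The URL constructor throws on input it cannot parse; treat that as "no URL".
function parseUrl(src: string): URL | null {
  try {
    return new URL(src);
  } catch {
    return null;
  }
}

// After: parse with the WHATWG URL class and compare the exact hostname.
// The parser lower-cases hostnames and separates userinfo, port, path and query,
// so only the real host is compared. The scheme check is an extra precaution
// (assumption: avatar images are only ever loaded over http or https).
function isAvatarHostStrict(
  src: string,
  allowed: ReadonlySet<string> = ALLOWED_AVATAR_HOSTS,
): boolean {
  const url = parseUrl(src);
  if (url === null) {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return false;
  }
  return allowed.has(url.hostname);
}

interface CheckResult {
  src: string;
  weak: boolean;
  strict: boolean;
}

// Runs both checks over a list of sources so the two verdicts can be compared.
function compareChecks(sources: readonly string[]): CheckResult[] {
  return sources.map((src) => ({
    src,
    weak: isAvatarHostWeak(src),
    strict: isAvatarHostStrict(src),
  }));
}

// Constructed sample inputs for this example (not taken from the repo or real traffic).
const SAMPLE_SOURCES: readonly string[] = [
  "https://ui-avatars.com/api/?name=Alice",                 // legitimate
  "https://UI-AVATARS.COM/api/?name=Alice",                 // legitimate, upper-cased host
  "https://ui-avatars.com.attacker.example/api/",           // allowed host as a DNS label prefix
  "https://attacker.example/?next=https://ui-avatars.com",  // allowed host in the query string
  "https://attacker.example/ui-avatars.com/a.png",          // allowed host in the path
  "https://user:ui-avatars.com@attacker.example/",          // allowed host in the userinfo
  "javascript:void('ui-avatars.com')",                      // non-http scheme
  "ui-avatars.com/api/?name=Alice",                         // no scheme: not an absolute URL
];

for (const r of compareChecks(SAMPLE_SOURCES)) {
  const verdict = r.weak === r.strict ? "agree " : "DIFFER";
  console.log(`${verdict} weak=${r.weak} strict=${r.strict}  ${r.src}`);
}
```

Only the first sample is judged the same way by both checks. The substring check accepts every attacker-controlled URL that embeds the string and, because includes() is case-sensitive, rejects the legitimate upper-cased host that the URL parser normalises. In an onError handler, event.currentTarget.src already yields the absolute URL the browser attempted to load, so new URL() receives a parseable value; a relative src that resolved to the app's own origin simply fails the hostname comparison rather than throwing.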
@vercel
Contributor

vercel bot commented Sep 6, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project       Deployment   Preview   Comments   Updated (UTC)
budget-buddy  Ready        Preview   Comment    Sep 6, 2025 9:11am

@netlify

netlify bot commented Sep 6, 2025

Deploy Preview for budgetbuddyai failed. Why did it fail? →

Latest commit: dc65d33
Latest deploy log: https://app.netlify.com/projects/budgetbuddyai/deploys/68bbfa8a0eb1a40008330221

@sonarqubecloud

sonarqubecloud bot commented Sep 6, 2025

Quality Gate failed

Failed conditions
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

