From e7ff1ca502339ca176131888a8f43686436dcecf Mon Sep 17 00:00:00 2001
From: Manan <manan@neynar.com>
Date: Mon, 22 Dec 2025 22:35:30 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 2: Incomplete URL
 substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/components/ui/tabs/WalletTab.tsx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/components/ui/tabs/WalletTab.tsx b/src/components/ui/tabs/WalletTab.tsx
index bf439c7..725cda9 100644
--- a/src/components/ui/tabs/WalletTab.tsx
+++ b/src/components/ui/tabs/WalletTab.tsx
@@ -169,11 +169,12 @@ export function WalletTab() {
    */
   useEffect(() => {
     // Check if we're in a Farcaster client environment
-    const isInFarcasterClient = typeof window !== 'undefined' && 
-      (window.location.href.includes('warpcast.com') || 
-       window.location.href.includes('farcaster') ||
-       window.ethereum?.isFarcaster ||
-       context?.client);
+    const isInFarcasterClient = typeof window !== 'undefined' && (() => {
+      const hostname = window.location.hostname.toLowerCase();
+      const isWarpcastHost = hostname === 'warpcast.com' || hostname.endsWith('.warpcast.com');
+      const isFarcasterHost = hostname === 'farcaster.com' || hostname.endsWith('.farcaster.com');
+      return isWarpcastHost || isFarcasterHost || window.ethereum?.isFarcaster || context?.client;
+    })();
     
     if (context?.user?.fid && !isConnected && connectors.length > 0 && isInFarcasterClient) {
       console.log("Attempting auto-connection with Farcaster context...");