
Potential fix for code scanning alert no. 7: Incomplete URL substring sanitization #16

Merged
BetterMint merged 1 commit into main from alert-autofix-7
Dec 15, 2025

Conversation

@BetterMint
Owner

Potential fix for https://github.com/BetterMint/BetterMITM/security/code-scanning/7

The check on line 114 should verify that "http://example.com:80" appears as a complete URL in the structure of the content, not just as an arbitrary substring. We should parse the response content and confirm that the URL is present in its intended place (e.g., as a literal value between specific XML tags, as found in test-generated sitemaps, etc.).

Given context from other test cases (e.g., usage of "<url><loc>http://example.com:80/</loc></url>" in the TestSitemapInjection class), it's likely that the desired output here is a literal HTML or XML structure that includes the URL at a predictable position. The correct fix is to assert the presence of, for example, an exact tag (as in <loc>http://example.com:80/</loc>) or similar, rather than the naked substring.

Steps:

  • Update line 114 to check for the expected tag-wrapped URL, e.g., <loc>http://example.com:80/</loc> where appropriate, or the exact HTML structure if it is intended as HTML.
  • If necessary (and if the context requires), parse the response content using an HTML or XML parser and check that the URL is present as expected.

Since we have not seen the full output format, we should follow the technique used in the TestSitemapInjection checks above and look for an exact string match for the structured output.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.
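The difference between the flagged substring check and the structural check the fix proposes, as an added example that is not code from the BetterMITM repository: the sitemap content and the `8080` look-alike are constructed here, and the helper names are assumptions.

```python
import xml.etree.ElementTree as ET

SITEMAP_NS = "http://www.sitemaps.org/schemas/sitemap/0.9"


def substring_check(content: str, url: str) -> bool:
    """The naive assertion the scanner flags: any occurrence of the text counts,
    even inside a different URL such as http://example.com:8080/."""
    return url in content


def sitemap_locs(content: str) -> list:
    """Parse sitemap XML and return the text of every <loc> element,
    whether or not the document declares the sitemap namespace."""
    root = ET.fromstring(content)
    locs = []
    for el in root.iter():
        local_tag = el.tag.split("}", 1)[-1]  # drop "{namespace}" prefix if present
        if local_tag == "loc":
            locs.append((el.text or "").strip())
    return locs


def structural_check(content: str, url: str) -> bool:
    """Accept only when the URL is the complete value of a <loc> element.
    Non-XML content fails closed instead of raising."""
    try:
        return url in sitemap_locs(content)
    except ET.ParseError:
        return False


# Constructed sample responses (not captured from the project's tests).
GOOD = (
    '<?xml version="1.0"?>'
    f'<urlset xmlns="{SITEMAP_NS}"><url><loc>http://example.com:80/</loc></url></urlset>'
)
LOOKALIKE = (
    '<?xml version="1.0"?>'
    f'<urlset xmlns="{SITEMAP_NS}"><url><loc>http://example.com:8080/</loc></url></urlset>'
)

if __name__ == "__main__":
    # The substring check accepts both documents; only the structural check
    # distinguishes the intended <loc> value from the 8080 look-alike.
    print(substring_check(LOOKALIKE, "http://example.com:80"))      # True (false positive)
    print(structural_check(LOOKALIKE, "http://example.com:80/"))    # False
```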

… sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@BetterMint BetterMint marked this pull request as ready for review December 15, 2025 01:57
@BetterMint BetterMint merged commit a531ebf into main Dec 15, 2025
16 of 53 checks passed
@BetterMint BetterMint deleted the alert-autofix-7 branch December 15, 2025 12:10