fix: Use more strict youtube id regex

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>

src/components/markdown-renderer/markdown-extension/youtube/replace-legacy-youtube-short-code.test.ts

@@ -29,12 +29,17 @@ describe('Replace legacy youtube short codes', () => {
     expect(markdownIt.renderInline(code)).toBe(code)
   })
 
-  it("won't detect an invalid(to short) youtube id", () => {
+  it("won't detect an invalid(too short) youtube id", () => {
     const code = '{%youtube 1 %}'
     expect(markdownIt.renderInline(code)).toBe(code)
   })
 
-  it("won't detect an invalid(to long) youtube id", () => {
+  it("won't detect an invalid(invalid characters) youtube id", () => {
+    const code = '{%youtube /!#/ %}'
+    expect(markdownIt.renderInline(code)).toBe(code)
+  })
+
+  it("won't detect an invalid(too long) youtube id", () => {
     const code = '{%youtube 111111111111111111111111111111111 %}'
     expect(markdownIt.renderInline(code)).toBe(code)
   })

src/components/markdown-renderer/markdown-extension/youtube/replace-legacy-youtube-short-code.ts

@@ -9,7 +9,7 @@ import { YoutubeMarkdownExtension } from './youtube-markdown-extension'
 import markdownItRegex from 'markdown-it-regex'
 import type MarkdownIt from 'markdown-it'
 
-export const legacyYouTubeRegex = /^{%youtube ([^"&?\\/\s]{11}) ?%}$/
+export const legacyYouTubeRegex = /^{%youtube\s+([\w-]{11})\s*%}$/
 
 /**
  * Configure the given {@link MarkdownIt} to render legacy hedgedoc 1 youtube short codes as embeddings.

src/components/markdown-renderer/markdown-extension/youtube/replace-youtube-link.test.ts

@@ -32,6 +32,21 @@ describe('Replace youtube link', () => {
           it("won't detect an URL without video id", () => {
             expect(markdownIt.renderInline(origin)).toBe(origin)
           })
+
+          it("won't detect an invalid(too short) youtube id", () => {
+            const invalidUrl = '${origin}?v=1'
+            expect(markdownIt.renderInline(invalidUrl)).toBe(invalidUrl)
+          })
+
+          it("won't detect an invalid(invalid characters) youtube id", () => {
+            const invalidUrl = '${origin}?v= /!#/'
+            expect(markdownIt.renderInline(invalidUrl)).toBe(invalidUrl)
+          })
+
+          it("won't detect an invalid(too long) youtube id", () => {
+            const invalidUrl = '${origin}?v=111111111111111111111111111111111'
+            expect(markdownIt.renderInline(invalidUrl)).toBe(invalidUrl)
+          })
         })
       })
     })

src/components/markdown-renderer/markdown-extension/youtube/replace-youtube-link.ts

@@ -12,7 +12,7 @@ import type MarkdownIt from 'markdown-it'
 const protocolRegex = /(?:http(?:s)?:\/\/)?/
 const subdomainRegex = /(?:www.)?/
 const pathRegex = /(?:youtube(?:-nocookie)?\.com\/(?:[^\\/]+\/.+\/|(?:v|e(?:mbed)?)\/|.*[?&]v=)|youtu\.be\/)/
-const idRegex = /([^"&?\\/\s]{11})/
+const idRegex = /([\w-]{11})/
 const tailRegex = /(?:[?&#].*)?/
 const youtubeVideoUrlRegex = new RegExp(
   `(?:${protocolRegex.source}${subdomainRegex.source}${pathRegex.source}${idRegex.source}${tailRegex.source})`