Markdown/BBcode allows youtube autoplay flags

[Apogate]

Which can be pretty funny. Looking into moving the whole [youtube] tag into an embed feature instead.

[RePod]

Not a difficult fix, in the regex just stop at the first non-alphanumeric character after you start looking.

However, it appears that the Markdown's YT regex is using the proper \w, which captures A-Z 0-9 and underscore (this also falls in line with YT's video ID scheme), instead of .*, which captures anything. Are you sure Markdown is affected?

---

Markdown Proofs (Javascript, but the regex is the same as needed):

/\?v=(\w+)/ig.exec("https://www.youtube.com/watch?v=dQw4w9WgXcQ").pop()
"dQw4w9WgXcQ"

Assuming it's just '&autoplay=1':

/\?v=(\w+)/ig.exec("https://www.youtube.com/watch?v=dQw4w9WgXcQ&autoplay=1").pop()
"dQw4w9WgXcQ"

There's no way around it. If you use an HTML entity (by somehow not being URL encoded) like & it'd fail at the &. If you tried prematurely URL encoding it as %26 it'd also fail at the %.

Shouldn't be difficult to copy over Markdown's YT regex, BBCode-ify it and be done with it.

[Apogate]

youtube embedding is now handled by the extension. we can revisit this if we decide to support embeds in lieu of images when posting