From 02141fef50174f888828ed07c404927349ed6b15 Mon Sep 17 00:00:00 2001
From: Hong Phuc <hongphuc.dthp@gmail.com>
Date: Wed, 13 May 2026 00:55:22 +0700
Subject: [PATCH] fix(gui): tighten youtube id validation

Use the explicit base64url-like character class for YouTube IDs so background validation no longer accepts punctuation matched by A-z ranges.

Tested: rtk docker compose run --rm test
---
 utils/gui_utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/gui_utils.py b/utils/gui_utils.py
index 9fa1df8..a4e85e1 100644
--- a/utils/gui_utils.py
+++ b/utils/gui_utils.py
@@ -178,7 +178,7 @@ def delete_background(key):
 # Add background video
 def add_background(youtube_uri, filename, citation, position):
     # Validate YouTube URI
-    regex = re.compile(r"(?:\/|%3D|v=|vi=)([0-9A-z\-_]{11})(?:[%#?&]|$)").search(youtube_uri)
+    regex = re.compile(r"(?:\/|%3D|v=|vi=)([0-9A-Za-z_-]{11})(?:[%#?&]|$)").search(youtube_uri)
 
     if not regex:
         flash("YouTube URI is invalid!", "error")