Security fix: faked urls

Backend detection hasn't been resistant against faked urls like:

http://youtube.com.myurl.com/watch?v=abcde
http://vimeo.com.myurl.com/watch?v=abcde

It is fixed and added few tests to cover it.

embed_video/base.py

@@ -4,13 +4,13 @@
 import json
 
 DETECT_YOUTUBE = re.compile(
-    r'^(http(s)?://(www\.)?)?youtu(\.?)be(\.com)?.*', re.I
+    r'^(http(s)?://(www\.)?)?youtu(\.?)be(\.com)?/.*', re.I
 )
 DETECT_VIMEO = re.compile(
-    r'^(http(s)?://(www\.)?)?vimeo\.com.*', re.I
+    r'^(http(s)?://(www\.)?)?vimeo\.com/.*', re.I
 )
 DETECT_SOUNDCLOUD = re.compile(
-    r'^(http(s)?://(www\.)?)?soundcloud\.com.*', re.I
+    r'^(http(s)?://(www\.)?)?soundcloud\.com/.*', re.I
 )
 
 

embed_video/tests/tests_backend.py

@@ -5,10 +5,17 @@
 from django.template.context import RequestContext
 
 from ..base import detect_backend, YoutubeBackend, VimeoBackend, \
-        SoundCloundBackend
+        SoundCloundBackend, UnknownBackendException
 
 
 class EmbedVideoTestCase(TestCase):
+    unknown_backend_urls = (
+        'http://myurl.com/?video=http://www.youtube.com/watch?v=jsrRJyHBvzw',
+        'http://myurl.com/?video=www.youtube.com/watch?v=jsrRJyHBvzw',
+        'http://youtube.com.myurl.com/watch?v=jsrRJyHBvzw',
+        'http://vimeo.com.myurl.com/66577491',
+    )
+
     youtube_urls = (
         ('http://www.youtube.com/watch?v=jsrRJyHBvzw', 'jsrRJyHBvzw'),
         ('http://youtube.com/watch?v=jsrRJyHBvzw', 'jsrRJyHBvzw'),
@@ -92,6 +99,15 @@ def test_tag_vimeo(self):
 
         self.assertEqual(template.render(self._grc()).strip(), rendered)
 
+    def test_detect_bad_urls(self):
+        for url in self.unknown_backend_urls:
+            try:
+                backend = detect_backend(url)
+                self.assertEqual(backend, False)
+            except UnknownBackendException:
+                assert True
+
+
     def test_detect_youtube(self):
         for url in self.youtube_urls:
             backend = detect_backend(url[0])