fix: address review 4139627117 — lang attribute boundary + resilient strip pass

Copilot · pethers · web-flow · commit fbd413f1e879 · 2026-04-20T12:25:50.000Z
- getLangAttributeValue: require `lang` to be preceded by `<` (tag start) or whitespace, so attributes like `data-lang` / `xml:lang` are no longer mistakenly treated as `lang`. - stripLangTaggedBlocks: when parseTagAt returns null (stray `<` in text / malformed markup), advance one character and continue instead of breaking, so later lang-tagged blocks are still stripped. - Added regression tests for both cases. 41/41 leakage tests pass. Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/5c8ca773-8b4f-480a-9557-3db1ca666cc1 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
diff --git a/scripts/detect-swedish-leakage.ts b/scripts/detect-swedish-leakage.ts
@@ -264,7 +264,10 @@ function parseTagAt(html: string, startIndex: number): ParsedTag | null {
 
 /** Extract the value of the `lang` attribute from a raw tag string, or null if absent. */
 function getLangAttributeValue(rawTag: string): string | null {
-  const m = /\blang\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+))/i.exec(rawTag);
+  // Require `lang` to be a standalone attribute name — preceded by `<` (tag-start) or
+  // whitespace — so attributes like `data-lang` or `xml:lang` are not mistakenly treated
+  // as `lang`.
+  const m = /(?:<|\s)lang\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+))/i.exec(rawTag);
   return m?.[1] ?? m?.[2] ?? m?.[3] ?? null;
 }
 
@@ -331,7 +334,12 @@ function stripLangTaggedBlocks(html: string, langCode: string): string {
     if (html[i] !== '<') { i++; continue; }
 
     const parsed = parseTagAt(html, i);
-    if (!parsed) break;
+    if (!parsed) {
+      // Malformed markup (stray `<` in text, etc.) — skip this character and keep
+      // scanning so later lang-tagged blocks are still stripped.
+      i++;
+      continue;
+    }
 
     if (
       !parsed.isClosing &&
diff --git a/tests/detect-swedish-leakage.test.ts b/tests/detect-swedish-leakage.test.ts
@@ -348,5 +348,25 @@ describe('Swedish Leakage Detector', () => {
       expect(report.leakedTerms).toEqual([]);
       expect(report.score).toBe(0);
     });
+
+    it('should not treat data-lang="sv" as a real lang attribute', () => {
+      // `data-lang` is a custom data attribute, not the standard HTML `lang`.
+      // Swedish inside such an element must still be detected as leakage.
+      const html = '<p data-lang="sv">utskottet antog propositionen</p>';
+      const report = detectSwedishLeakage(html, 'en');
+      const terms = report.leakedTerms.map((t) => t.term);
+      expect(terms).toContain('utskottet');
+      expect(terms).toContain('propositionen');
+    });
+
+    it('should keep scanning after a stray "<" in text content', () => {
+      // A stray `<` (e.g. from "<" in prose) should not abort the strip pass —
+      // the later lang="sv" block must still be suppressed.
+      const html =
+        '<p>Value is 5 < 10 when counting seats.</p>' +
+        '<span lang="sv">riksdagen antog propositionen</span>';
+      const report = detectSwedishLeakage(html, 'en');
+      expect(report.leakedTerms).toEqual([]);
+    });
   });
 });
