asset_bom_removal-rails 1.0.0 → 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -1
  3. data/README.md +11 -3
  4. data/lib/asset_bom_removal/bom_remover.rb +40 -0
  5. data/lib/asset_bom_removal/rails/version.rb +1 -1
  6. data/lib/asset_bom_removal/sass_no_bom_compressor.rb +1 -11
  7. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a279fa505b26ae133d589793a3e8dbaa44a15f70
4
- data.tar.gz: f8fff0e413f923bda7b32cd4f70c66c47b156fc5
3
+ metadata.gz: 381a294cc4dd9977a510e893fe2f9dd81ae486b5
4
+ data.tar.gz: 6e8f9dc7823e96cf51c88260978c144d4b9ed8ab
5
5
  SHA512:
6
- metadata.gz: 52ad807c5ea9ad11d25f735f6ca24dc1069914e876560d49004b454caf332e4b1f46419f00980e0663cb7781b21f898ca4cb01aadda7763276f92b13cfb6d0d8
7
- data.tar.gz: a80d661216b619a5f4cb34069528f8de38b0f24743ccd6eadef36cae605abc4b5b148835f6039b7af72dc28d8e7df559034d182fb18625384f58db1422c6c091
6
+ metadata.gz: f98cd01d5645921978ae90a96a07980c95e530673085489342e979e4c3a40a414b3c01d198f7875ff5695e4d0a4a03670a0f951201affaf9ac13ffe4490c1385
7
+ data.tar.gz: cd75f89bce9d5065f70b8fbbbbfd29abfd8fa797ed229ef530a59d264f73292427262e7cb441f585ce8710c3fc45f60dd24fcd40b4af11c2c31a9fd4bf4f8a1f
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 1.0.1
2
+
3
+ * Fix issue where BOM removal strips 2 extra characters from file [#6](https://github.com/alphagov/asset_bom_removal-rails/pull/6)
4
+ * Improve Readme [#5](https://github.com/alphagov/asset_bom_removal-rails/pull/5)
5
+
1
6
  # 1.0.0
2
7
 
3
- * Hooks into Rails Asset Pipeline as a custom Sass Compressor that strips the utf-8 BOM from compressed css
8
+ * Hooks into Rails Asset Pipeline as a custom Sass Compressor that strips the utf-8 BOM from compressed css [#3](https://github.com/alphagov/asset_bom_removal-rails/pull/3)
data/README.md CHANGED
@@ -1,8 +1,16 @@
1
- # Asset::Bom::Removal::Rails
1
+ # AssetBomRemoval::Rails
2
2
 
3
- This gem hooks into [Rails `assets:precompile` task](http://guides.rubyonrails.org/asset_pipeline.html#precompiling-assets) and removes the BOM from any CSS files (and their gzipped versions) in the asset root.
3
+ This gem hooks into [Rails `assets:precompile` task](http://guides.rubyonrails.org/asset_pipeline.html#precompiling-assets) and removes the [UTF8 Byte Order Mark (BOM)]((https://en.wikipedia.org/wiki/Byte_order_mark#UTF-8)) from any CSS files compressed by [Sass](https://github.com/sass/sass-rails/).
4
4
 
5
- We do this because we want to use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) on our assets, but [a bug in Firefox versions < 52](https://bugzilla.mozilla.org/show_bug.cgi?id=1269241) means it calculates the hash incorrectly when the CSS asset has a [UTF-8 BOM](https://en.wikipedia.org/wiki/Byte_order_mark#UTF-8) and refuses to load the asset. The BOM is [generated by SASS versions > 3.4](https://github.com/sass/sass/blob/3.4.0/lib/sass/tree/visitors/to_css.rb#L131-L140) when the CSS file includes utf-8 characters and in the versions of rails, sass, sprockets, sass-rails, and sprockets-rails we use it is impossible to configure SASS to stop doing this (as mentioned [in the sass-rails readme](https://github.com/rails/sass-rails/blob/v4.0.0/README.md#configuration) from version 4.0+).
5
+ ## What is a BOM?
6
+
7
+ The BOM is a sequence of bytes at the start of a unicode text file that are used to tell the computer how to interpret the contents. The BOM is required for UTF-16 because you can write the bytes for each character in big or little endian form. This gem does not remove the UTF-16 BOM. The BOM is optional for UTF-8 files as the standard says there is only one way to write the bytes for each character. Adding it to a file is a hint to the computer for how to interpret the file, but can be safely removed without changing how the file will be interpreted.
8
+
9
+ ## Why remove it?
10
+
11
+ We do this because we want to use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) on our assets to let users know that neither the assets nor the html have been intercepted and changed between our server and their browser. Unfortunately [a bug in Firefox versions < 52](https://bugzilla.mozilla.org/show_bug.cgi?id=1269241) means it calculates the hash incorrectly when the CSS asset has a UTF-8 BOM and refuses to load the asset.
12
+
13
+ The BOM is [generated by SASS versions > 3.4](https://github.com/sass/sass/blob/3.4.0/lib/sass/tree/visitors/to_css.rb#L131-L140) when the CSS file includes utf-8 characters and in the versions of [rails](https://github.com/rails/rails), [sass](https://github.com/sass/sass), [sprockets](https://github.com/rails/sprockets), [sass-rails](https://github.com/rails/sass-rails), and [sprockets-rails](https://github.com/rails/sprockets-rails) we use it is impossible to configure Sass to stop doing this (as mentioned [in the sass-rails readme](https://github.com/rails/sass-rails/blob/v4.0.0/README.md#configuration) from version 4.0+).
6
14
 
7
15
  ## Installation
8
16
 
data/lib/asset_bom_removal/bom_remover.rb ADDED
@@ -0,0 +1,40 @@
1
+ module AssetBomRemoval
2
+ class BomRemover
3
+ def self.remove_bom(string)
4
+ new(string).remove_bom
5
+ end
6
+
7
+ def initialize(string)
8
+ @string = string
9
+ end
10
+
11
+ def remove_bom
12
+ if string_starts_with_utf8_bom?
13
+ string.dup.force_encoding('UTF-8').tap do |utf8_string|
14
+ utf8_string.slice!(0)
15
+ end
16
+ else
17
+ string
18
+ end
19
+ end
20
+
21
+ private
22
+
23
+ attr_reader :string
24
+
25
+ def string_starts_with_utf8_bom?
26
+ with_encoding('UTF-8') do |utf8_string|
27
+ utf8_string[0] == "\xEF\xBB\xBF"
28
+ end
29
+ end
30
+
31
+ def with_encoding(encoding)
32
+ old_encoding = string.encoding
33
+ begin
34
+ return (yield string.force_encoding(encoding))
35
+ ensure
36
+ string.force_encoding(old_encoding)
37
+ end
38
+ end
39
+ end
40
+ end
data/lib/asset_bom_removal/rails/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module AssetBomRemoval
2
2
  module Rails
3
- VERSION = '1.0.0'.freeze
3
+ VERSION = '1.0.1'.freeze
4
4
  end
5
5
  end
data/lib/asset_bom_removal/sass_no_bom_compressor.rb CHANGED
@@ -4,17 +4,7 @@ module AssetBomRemoval
4
4
  class SassNoBomCompressor < Sprockets::SassCompressor
5
5
  # Let the default sass processor do all the hard work
6
6
  def call(input)
7
- remove_bom_from_css(super(input))
8
- end
9
-
10
- private
11
-
12
- def remove_bom_from_css(css_string)
13
- if css_string.bytes[0..2] == [0xEF, 0xBB, 0xBF]
14
- css_string[3..-1]
15
- else
16
- css_string
17
- end
7
+ BomRemover.remove_bom(super(input))
18
8
  end
19
9
  end
20
10
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: asset_bom_removal-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Government Digital Service
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-07-12 00:00:00.000000000 Z
11
+ date: 2017-07-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -113,6 +113,7 @@ files:
113
113
  - README.md
114
114
  - Rakefile
115
115
  - asset_bom_removal-rails.gemspec
116
+ - lib/asset_bom_removal/bom_remover.rb
116
117
  - lib/asset_bom_removal/rails.rb
117
118
  - lib/asset_bom_removal/rails/railtie.rb
118
119
  - lib/asset_bom_removal/rails/version.rb