asset_bom_removal-rails 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -1
  3. data/README.md +11 -3
  4. data/lib/asset_bom_removal/bom_remover.rb +40 -0
  5. data/lib/asset_bom_removal/rails/version.rb +1 -1
  6. data/lib/asset_bom_removal/sass_no_bom_compressor.rb +1 -11
  7. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a279fa505b26ae133d589793a3e8dbaa44a15f70
4
- data.tar.gz: f8fff0e413f923bda7b32cd4f70c66c47b156fc5
3
+ metadata.gz: 381a294cc4dd9977a510e893fe2f9dd81ae486b5
4
+ data.tar.gz: 6e8f9dc7823e96cf51c88260978c144d4b9ed8ab
5
5
  SHA512:
6
- metadata.gz: 52ad807c5ea9ad11d25f735f6ca24dc1069914e876560d49004b454caf332e4b1f46419f00980e0663cb7781b21f898ca4cb01aadda7763276f92b13cfb6d0d8
7
- data.tar.gz: a80d661216b619a5f4cb34069528f8de38b0f24743ccd6eadef36cae605abc4b5b148835f6039b7af72dc28d8e7df559034d182fb18625384f58db1422c6c091
6
+ metadata.gz: f98cd01d5645921978ae90a96a07980c95e530673085489342e979e4c3a40a414b3c01d198f7875ff5695e4d0a4a03670a0f951201affaf9ac13ffe4490c1385
7
+ data.tar.gz: cd75f89bce9d5065f70b8fbbbbfd29abfd8fa797ed229ef530a59d264f73292427262e7cb441f585ce8710c3fc45f60dd24fcd40b4af11c2c31a9fd4bf4f8a1f
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 1.0.1
2
+
3
+ * Fix issue where BOM removal strips 2 extra characters from file [#6](https://github.com/alphagov/asset_bom_removal-rails/pull/6)
4
+ * Improve Readme [#5](https://github.com/alphagov/asset_bom_removal-rails/pull/5)
5
+
1
6
  # 1.0.0
2
7
 
3
- * Hooks into Rails Asset Pipeline as a custom Sass Compressor that strips the utf-8 BOM from compressed css
8
+ * Hooks into Rails Asset Pipeline as a custom Sass Compressor that strips the utf-8 BOM from compressed css [#3](https://github.com/alphagov/asset_bom_removal-rails/pull/3)
data/README.md CHANGED
@@ -1,8 +1,16 @@
1
- # Asset::Bom::Removal::Rails
1
+ # AssetBomRemoval::Rails
2
2
 
3
- This gem hooks into [Rails `assets:precompile` task](http://guides.rubyonrails.org/asset_pipeline.html#precompiling-assets) and removes the BOM from any CSS files (and their gzipped versions) in the asset root.
3
+ This gem hooks into [Rails `assets:precompile` task](http://guides.rubyonrails.org/asset_pipeline.html#precompiling-assets) and removes the [UTF8 Byte Order Mark (BOM)]((https://en.wikipedia.org/wiki/Byte_order_mark#UTF-8)) from any CSS files compressed by [Sass](https://github.com/sass/sass-rails/).
4
4
 
5
- We do this because we want to use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) on our assets, but [a bug in Firefox versions < 52](https://bugzilla.mozilla.org/show_bug.cgi?id=1269241) means it calculates the hash incorrectly when the CSS asset has a [UTF-8 BOM](https://en.wikipedia.org/wiki/Byte_order_mark#UTF-8) and refuses to load the asset. The BOM is [generated by SASS versions > 3.4](https://github.com/sass/sass/blob/3.4.0/lib/sass/tree/visitors/to_css.rb#L131-L140) when the CSS file includes utf-8 characters and in the versions of rails, sass, sprockets, sass-rails, and sprockets-rails we use it is impossible to configure SASS to stop doing this (as mentioned [in the sass-rails readme](https://github.com/rails/sass-rails/blob/v4.0.0/README.md#configuration) from version 4.0+).
5
+ ## What is a BOM?
6
+
7
+ The BOM is a sequence of bytes at the start of a unicode text file that are used to tell the computer how to interpret the contents. The BOM is required for UTF-16 because you can write the bytes for each character in big or little endian form. This gem does not remove the UTF-16 BOM. The BOM is optional for UTF-8 files as the standard says there is only one way to write the bytes for each character. Adding it to a file is a hint to the computer for how to interpret the file, but can be safely removed without changing how the file will be interpreted.
8
+
9
+ ## Why remove it?
10
+
11
+ We do this because we want to use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) on our assets to let users know that neither the assets nor the html have been intercepted and changed between our server and their browser. Unfortunately [a bug in Firefox versions < 52](https://bugzilla.mozilla.org/show_bug.cgi?id=1269241) means it calculates the hash incorrectly when the CSS asset has a UTF-8 BOM and refuses to load the asset.
12
+
13
+ The BOM is [generated by SASS versions > 3.4](https://github.com/sass/sass/blob/3.4.0/lib/sass/tree/visitors/to_css.rb#L131-L140) when the CSS file includes utf-8 characters and in the versions of [rails](https://github.com/rails/rails), [sass](https://github.com/sass/sass), [sprockets](https://github.com/rails/sprockets), [sass-rails](https://github.com/rails/sass-rails), and [sprockets-rails](https://github.com/rails/sprockets-rails) we use it is impossible to configure Sass to stop doing this (as mentioned [in the sass-rails readme](https://github.com/rails/sass-rails/blob/v4.0.0/README.md#configuration) from version 4.0+).
6
14
 
7
15
  ## Installation
8
16
 
data/lib/asset_bom_removal/bom_remover.rb ADDED
@@ -0,0 +1,40 @@
1
+ module AssetBomRemoval
2
+ class BomRemover
3
+ def self.remove_bom(string)
4
+ new(string).remove_bom
5
+ end
6
+
7
+ def initialize(string)
8
+ @string = string
9
+ end
10
+
11
+ def remove_bom
12
+ if string_starts_with_utf8_bom?
13
+ string.dup.force_encoding('UTF-8').tap do |utf8_string|
14
+ utf8_string.slice!(0)
15
+ end
16
+ else
17
+ string
18
+ end
19
+ end
20
+
21
+ private
22
+
23
+ attr_reader :string
24
+
25
+ def string_starts_with_utf8_bom?
26
+ with_encoding('UTF-8') do |utf8_string|
27
+ utf8_string[0] == "\xEF\xBB\xBF"
28
+ end
29
+ end
30
+
31
+ def with_encoding(encoding)
32
+ old_encoding = string.encoding
33
+ begin
34
+ return (yield string.force_encoding(encoding))
35
+ ensure
36
+ string.force_encoding(old_encoding)
37
+ end
38
+ end
39
+ end
40
+ end
data/lib/asset_bom_removal/rails/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module AssetBomRemoval
2
2
  module Rails
3
- VERSION = '1.0.0'.freeze
3
+ VERSION = '1.0.1'.freeze
4
4
  end
5
5
  end
data/lib/asset_bom_removal/sass_no_bom_compressor.rb CHANGED
@@ -4,17 +4,7 @@ module AssetBomRemoval
4
4
  class SassNoBomCompressor < Sprockets::SassCompressor
5
5
  # Let the default sass processor do all the hard work
6
6
  def call(input)
7
- remove_bom_from_css(super(input))
8
- end
9
-
10
- private
11
-
12
- def remove_bom_from_css(css_string)
13
- if css_string.bytes[0..2] == [0xEF, 0xBB, 0xBF]
14
- css_string[3..-1]
15
- else
16
- css_string
17
- end
7
+ BomRemover.remove_bom(super(input))
18
8
  end
19
9
  end
20
10
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: asset_bom_removal-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Government Digital Service
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-07-12 00:00:00.000000000 Z
11
+ date: 2017-07-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -113,6 +113,7 @@ files:
113
113
  - README.md
114
114
  - Rakefile
115
115
  - asset_bom_removal-rails.gemspec
116
+ - lib/asset_bom_removal/bom_remover.rb
116
117
  - lib/asset_bom_removal/rails.rb
117
118
  - lib/asset_bom_removal/rails/railtie.rb
118
119
  - lib/asset_bom_removal/rails/version.rb