Project

asset_bom_removal-rails

0.01
Repository is archived
No release in over 3 years
Low commit activity in last 3 years
asset_bom_removal-railsalphagov/asset_bom_removal-railsHomepageDocumentationSource CodeBug TrackerWiki
Hooks into rails asset:precompile task to remove the BOM from any CSS files generated by SASS. Firefox < 52 has a bug when calculating SRI for CSS files with a BOM and removing it has no downsides so that's what we do.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
50,230
Stars
0
Forks
3
Watchers
59
 Releases
Current version
1.0.2
Total releases
4
First release
2017-07-12
Latest release
2017-07-25
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
4
Merged Pull Requests
9
Pull Request Acceptance Rate
69%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2017-10-31
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.14
govuk-lint
>= 0
rake
~> 10.0
rspec
~> 3.0

Runtime

rails
>= 4.2
sass
> 3.4
 Project Readme

AssetBomRemoval::Rails

This gem hooks into Rails assets:precompile task and removes the UTF8 Byte Order Mark (BOM) from any CSS files compressed by Sass.

What is a BOM?

The BOM is a sequence of bytes at the start of a unicode text file that are used to tell the computer how to interpret the contents. The BOM is required for UTF-16 because you can write the bytes for each character in big or little endian form. This gem does not remove the UTF-16 BOM. The BOM is optional for UTF-8 files as the standard says there is only one way to write the bytes for each character. Adding it to a file is a hint to the computer for how to interpret the file, but can be safely removed without changing how the file will be interpreted.

Why remove it?

We do this because we want to use SRI on our assets to let users know that neither the assets nor the html have been intercepted and changed between our server and their browser. Unfortunately a bug in Firefox versions < 52 means it calculates the hash incorrectly when the CSS asset has a UTF-8 BOM and refuses to load the asset.

The BOM is generated by SASS versions > 3.4 when the CSS file includes utf-8 characters and in the versions of rails, sass, sprockets, sass-rails, and sprockets-rails we use it is impossible to configure Sass to stop doing this (as mentioned in the sass-rails readme from version 4.0+).

Installation

Add this line to your application's Gemfile:

gem 'asset_bom_removal-rails'

And then execute:

$ bundle

Or install it yourself as:

$ gem install asset_bom_removal-rails

Usage

The gem hooks itself into rails assets pipeline so when you run assets:precompile it will be used. When a css file is compiled with this gem in the app any BOM added by sass will be removed before the compiled CSS is passed to the rest of the asset pipeline to be persisted and added to the manifest.

It should only affect production environments because sass is (by default) only configured to use :compressed style (and thus generate BOMs) in production mode. In development it uses :expanded which does not trigger the BOM insertion.

It replaces the default css_compressor (as configured in rails via config.assets.css_compressor) with a version that strips the BOM. It won't do it if the css_compressor is configured and is not :sass or :scss.

Development

After checking out the repo, run bundle install to install dependencies. Then, run rake spec to run the tests.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/alphagov/asset_bom_removal-rails.

License

The gem is available as open source under the terms of the MIT License.