-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve parser error for Byte order mark (BOM) #57
Comments
This has been resolved with the new release. The issue with the BOM could occur, but it has no meaning in utf-8. If it occurs it is removed and the text is parsed without it. |
I'm not sure about is the stripping of the BOM is in line with the RFC 9116 - File Format Description and ABNF Grammar:
RFC 5198 states:
So I think the BOM should be stripped and parsing should continue, but it should also trigger an error or at least warning. Especially in combination with signing it's not nice to have a BOM, although it's outside of the PGP block, a file with BOM is no longer recognized with @DigitalTrustCenter: therefor my request to reopen this issue. |
Agreed that the underlying issue should be highlighted when the file has the BOM present. Will reopen the issue. |
With the new release an error message has been added. If the byte order mark is present in the file it will continue to process the file without the BOM, but it will add an error to highlight that the file has the BOM present. This will mean that the security.txt is not valid if it has a BOM in the file. |
A
security.txt
file with a Byte order mark (BOM) is currently done correctly, but confusing for the user.E.g. an unsigned sectxt will result in:
and a signed message with BOM will result in the same result as #41, since it's checked with:
sectxt/sectxt/__init__.py
Lines 139 to 146 in 79bb386
so
_signed
won't be set toTrue
, because the BOM prefix, which will result in #41 behavior that it errors about every armored line.Because a BOM is not visible in a text editor, and most of the time it's added without the user explicitly requesting this, it would help hinting to this with an improved error.
The text was updated successfully, but these errors were encountered: