patsplat / plist

All-purpose Property List manipulation library

Home Page: http://www.rubydoc.info/gems/plist

"BANU" and "BANG" are unexpectedly parsed as true/false

YusukeIwaki opened this issue · comments

With this test plist,

<plist version="1.0">
<dict>
  <key>Token</key>
  <data>
  BANUb2tlbg==
  </data>
</dict>
</plist>

require 'plist'

puts Plist.parse_xml('token.plist') # => {"Token"=>true}

With Python's plistlib, it prints {'Token': b'\x04\x03Token'}, which is the expected output.


It seems that a string starting with \x04\x03T is interpreted as true by Marshal.load here
https://github.com/patsplat/plist/blob/v3.6.0/lib/plist/parser.rb#L247

Thanks for reporting this and for finding the problematic Marshal.load. Do you have a suggestion on how we should fix this? I am not familiar with this part of the code.

A quick and dirty fix is like this.

  class PData < PTag
    def to_ruby
      data = Base64.decode64(text.gsub(/\s+/, '')) unless text.nil?
      begin
        return Marshal.load(data).tap do |_data|
          # true: "\x04\x03T" false: "\x04\x03F". Both have only 3 chars.
          raise 'unexpected true/false' if (_data == true || _data == false) && text.gsub(/\s+/, '').length > 3
        end
      rescue Exception
        io = StringIO.new
        io.write data
        io.rewind
        return io
      end
    end
  end

I think it is hard to modify the behavior of Marshal.load. So we can just check the result and compare it with the original text.

@YusukeIwaki instead of a quick and dirty fix, would it be better to provide an option to disable Marshal entirely? Do you need the Marshal functionality for your use case?

@YusukeIwaki would something like #61 work for you?

Sorry for the late response. The option would work and sounds good :)
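
The misparse reported in this issue, next to a decoder that only unmarshals on opt-in, as an added example that is neither the plist gem's code nor the change in #61. `legacy_decode` and `decode_plist_data` are hypothetical names and the inputs are constructed.

```ruby
require 'stringio'

# Header that Marshal.dump writes on this Ruby ("\x04\x08").
MARSHAL_HEADER = [Marshal::MAJOR_VERSION, Marshal::MINOR_VERSION].pack('C2').freeze

# Behaviour reported in the issue: whatever Marshal.load accepts is returned
# as a Ruby object. Marshal.load tolerates an older minor version and ignores
# bytes after the first object, so "\x04\x03Token" loads as true.
def legacy_decode(text)
  bytes = text.gsub(/\s+/, '').unpack1('m') # same decoding as Base64.decode64
  Marshal.load(bytes)
rescue StandardError
  StringIO.new(bytes)
end

# Hypothetical hardened decoder: raw bytes unless the caller opts in.
# Even with marshal: true, the payload must carry this Ruby's exact header
# and re-dump to the same bytes, which rejects trailing data.
# These checks only stop misclassification. Marshal.load can still
# instantiate arbitrary classes, so keep marshal: false for untrusted files.
def decode_plist_data(text, marshal: false)
  bytes = text.to_s.gsub(/\s+/, '').unpack1('m')
  raw = StringIO.new(bytes)
  return raw unless marshal && bytes.start_with?(MARSHAL_HEADER)

  obj = Marshal.load(bytes)
  Marshal.dump(obj) == bytes ? obj : raw
rescue StandardError
  raw
end
```
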