Hacker News new | ask | show | jobs
by TazeTSchnitzel 3346 days ago
I question the value of the tags where they state the obvious. Does this

  {"foo:O":{}}
really tell you more than

  {"foo":{}}
?

The ability to encode sets, integers, binary data and time stamps is useful. But why tag things which are what they look like? It's a waste of space.
1 comments
bascule 3345 days ago
Domain separation. Unless everything is tagged, an attacker can trick the parser into misinterpreting the type of an object.

Or, a more mundane explanation: the parser will silently clobber the name because it contains a ":"

Leaving any names untagged is ambiguous.

link