by bascule 3345 days ago
Domain separation. Unless everything is tagged, an attacker can trick the parser into misinterpreting the type of an object.

Or, a more mundane explanation: the parser will silently clobber the name because it contains a ":"

Leaving any names untagged is ambiguous.
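
An added illustration of the comment above, not code from the commenter or from any real format. It assumes a hypothetical JSON convention in which a member name ends in `:<tag>` (the tags `s`, `i` and `b64` and both parser functions are invented here), and compares a parser that tolerates untagged names with one that requires a tag on every name.

```python
import base64
import json

# Hypothetical tag set (assumption for this example): string, integer, bytes.
DECODERS = {
    "s": str,
    "i": int,
    "b64": lambda v: base64.b64decode(v, validate=True),
}

def parse_lenient(doc):
    """Tags are optional: a name without a known tag is kept as written."""
    out = {}
    for key, value in json.loads(doc).items():
        name, sep, tag = key.rpartition(":")
        if sep and tag in DECODERS:
            # The ':' suffix is consumed, even if the writer meant it literally.
            out[name] = DECODERS[tag](value)
        else:
            out[key] = value
    return out

def parse_strict(doc):
    """Every name must end in ':<tag>'; the name is all text before the last ':'."""
    out = {}
    for key, value in json.loads(doc).items():
        name, sep, tag = key.rpartition(":")
        if not sep or tag not in DECODERS:
            raise ValueError(f"untagged or unknown tag in name {key!r}")
        if name in out:
            raise ValueError(f"duplicate name {name!r}")
        out[name] = DECODERS[tag](value)
    return out

# Constructed input: the writer meant two distinct untagged names,
# "limit" and the literal "limit:i".
AMBIGUOUS = '{"limit": 10, "limit:i": "999"}'
# The same two names with every name tagged; the literal ':' survives.
TAGGED = '{"limit:i": "10", "limit:i:s": "999"}'

if __name__ == "__main__":
    print(parse_lenient(AMBIGUOUS))   # one name silently replaces the other
    print(parse_strict(TAGGED))       # both names and both types preserved
    try:
        parse_strict(AMBIGUOUS)
    except ValueError as err:
        print("rejected:", err)
```
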