Between August 7th and 2024, will any page on Manifold redirect to a page on a different website due to an exploit?
ManifoldInformation securityNew Year's Resolutions 2024
10
41
190
resolved Dec 31
Resolved
NO

This happened briefly today on the superconductor market.

Note: If such behavior is triggered unintentionally, but the mechanism would also have been exploitable by a malicious actor, resolves YES.

Get Ṁ200 play money

Related questions

🏅 Top traders

#NameTotal profit
1Ṁ42
2Ṁ36
3Ṁ24
4Ṁ7
5Ṁ5
8 Comments
9 Holders
16 Trades
Sort by:
boughtṀ100NO

#skininthegame

https://github.com/manifoldmarkets/manifold/commit/701b3cd6b3ee756e8ca979a370a1ff14291411d3

sandbox iframes · manifoldmarkets/manifold@701b3cd
Manifold Markets: A market for every question. Contribute to manifoldmarkets/manifold development by creating an account on GitHub.

/jskf/will-market-embeds-be-visible-again

What exactly happened on the superconductor market today?

@TamarSpoerri Embeds were apparently implemented through un-sandboxed iframes, and someone embedded a page (in a comment) that caused a redirect in the parent.

(I think not intentionally on the commenter's part. They were linking to a video, and the website hosting it probably has frame-breaker stuff set up in general.)

I should probably define "exploit" for the purpose of this market...

@jskf I strongly suspect that bilibili's frame-breaker is on the 404, not on all videos, and it was only when the video was taken down that the redirect started happening. otherwise, the commenter would've been redirected when the embed-preview shows up while they were editing the comment.

(haven't actually checked tho)

Related in Manifold

See more Manifold questions

Related in Information security

See more Information security questions

Related in New Year's Resolutions 2024

See more New Year's Resolutions 2024 questions

More related questions