Between August 7th and 2024, will any page on Manifold redirect to a page on a different website due to an exploit?
10
190Ṁ944
resolved Dec 31
Resolved
NO

This happened briefly today on the superconductor market.

Note: If such behavior is triggered unintentionally, but the mechanism would also have been exploitable by a malicious actor, resolves YES.

Market context
Manifold
Information security
New Year's Resolutions 2024
Get
Ṁ1,000
to start trading!

🏅 Top traders

#TraderTotal profit
1Ṁ42
2Ṁ36
3Ṁ24
4Ṁ7
5Ṁ5

People are also trading

Sort by:
Ian Philips boughtṀ100NO

#skininthegame

https://github.com/manifoldmarkets/manifold/commit/701b3cd6b3ee756e8ca979a370a1ff14291411d3

sandbox iframes · manifoldmarkets/manifold@701b3cd
Manifold Markets: A market for every question. Contribute to manifoldmarkets/manifold development by creating an account on GitHub.

/jskf/will-market-embeds-be-visible-again

What exactly happened on the superconductor market today?

@TamarSpoerri Embeds were apparently implemented through un-sandboxed iframes, and someone embedded a page (in a comment) that caused a redirect in the parent.

(I think not intentionally on the commenter's part. They were linking to a video, and the website hosting it probably has frame-breaker stuff set up in general.)

I should probably define "exploit" for the purpose of this market...

@jskf I strongly suspect that bilibili's frame-breaker is on the 404, not on all videos, and it was only when the video was taken down that the redirect started happening. otherwise, the commenter would've been redirected when the embed-preview shows up while they were editing the comment.

(haven't actually checked tho)

People are also trading

© Manifold Markets, Inc.TermsPrivacy