Hacker News new | ask | show | jobs
by x______________ 155 days ago
Assuming the codex editor is the editor for the area below the auction counter, isn't that a security vulnerability that can put the site audience at risk?
1 comments
nsomani 155 days ago
The Codex agent is only given tools to edit the single HTML file that displays on the homepage. The page is on a separate domain, so there's no cookie sharing, and the iFrame is in a sandbox. That said, the biggest risk is social engineering attacks.
link
hsbauauvhabzb 155 days ago
What’s to stop someone rewriting the iframe wrapper to hide the real iframe and display a fake one?
link
nsomani 155 days ago
They cannot edit the iFrame itself. The user is allowed to edit the contents within the iFrame.
link