OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch
iOS A2UI bridge origin validation trusted generic local-network or tailnet pages, allowing untrusted pages loaded in the screen webview to reach agent.request dispatch instead of requiring either the bundled scaffold or an exact match against the capability-backed A2UI URL.
apps/ios/Sources/Screen/ScreenWebView.swift
The A2UI WKScriptMessage handler is the bridge entrypoint. In the vulnerable version it accepts messages from non-file URLs based on local-network origin checks, which is the direct trust sink for action dispatch.
apps/ios/Sources/Screen/ScreenController.swift
This file defines which canvas URLs are considered trusted. The fix removes broad local-network trust and replaces it with exact matching against a stored trusted remote A2UI URL.
apps/ios/Sources/Model/NodeAppModel.swift
canvas.present and canvas.navigate call into ScreenController navigation. The fix sets trustA2UIActions only when the navigation target is exactly the resolved A2UI URL, which shows that, before the fix, generic navigations could retain bridge authority they should not have had.
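As an added illustration (not OpenClaw's own code; A2UIBridgeHandler, trustedRemoteA2UIURL, trustA2UIActions, dispatchAgentRequest and willNavigate(to:resolvedA2UIURL:) are hypothetical names), here is what the entrypoint check in ScreenWebView.swift and the trust decisions described for ScreenController.swift and NodeAppModel.swift amount to in WebKit terms: a vulnerable-style "looks like a LAN or tailnet host" classifier kept only for contrast, next to an exact scheme/host/port comparison of the posting document's security origin, gated on a flag that is set only when the canvas navigation target equals the resolved A2UI URL.

```swift
import Foundation
import WebKit

// Added example, not OpenClaw's code. A2UIBridgeHandler, trustedRemoteA2UIURL,
// trustA2UIActions, dispatchAgentRequest and willNavigate are hypothetical names.
final class A2UIBridgeHandler: NSObject, WKScriptMessageHandler {

    /// The single capability-backed remote A2UI URL the app resolved, if any.
    private(set) var trustedRemoteA2UIURL: URL?

    /// Bridge authority for the current canvas navigation. Set only when the
    /// destination is exactly the resolved A2UI URL (the trustA2UIActions idea).
    private(set) var trustA2UIActions = false

    /// Hypothetical hook standing in for the app's agent.request dispatch.
    var dispatchAgentRequest: ([String: Any]) -> Void = { _ in }

    // MARK: Navigation side (the decision ScreenController/NodeAppModel make)

    /// Grant bridge authority only when the destination is byte-for-byte the
    /// resolved A2UI URL; every other canvas.present / canvas.navigate gets none.
    func willNavigate(to destination: URL, resolvedA2UIURL: URL?) {
        trustedRemoteA2UIURL = resolvedA2UIURL
        guard let resolved = resolvedA2UIURL else { trustA2UIActions = false; return }
        trustA2UIActions = destination.absoluteString == resolved.absoluteString
    }

    // MARK: Vulnerable-style check, kept for contrast only

    /// Trusts any page whose host merely looks like a loopback, LAN or tailnet
    /// address. Any other device on the same Wi-Fi or tailnet can serve such a page,
    /// so this is not an identity check at all.
    static func looksLikeLocalNetworkHost(_ host: String) -> Bool {
        let h = host.lowercased()
        if h == "localhost" || h == "::1" || h.hasPrefix("127.") { return true }
        if h.hasPrefix("10.") || h.hasPrefix("192.168.") || h.hasPrefix("100.") { return true }
        if h.hasPrefix("172."),
           let second = Int(h.split(separator: ".").dropFirst().first ?? ""),
           (16...31).contains(second) { return true }
        return h.hasSuffix(".local") || h.hasSuffix(".ts.net")
    }

    // MARK: Fixed check: exact origin match

    static func defaultPort(for scheme: String) -> Int {
        scheme.lowercased() == "https" ? 443 : 80
    }

    /// True only for the bundled scaffold (a file URL inside the app bundle, an
    /// assumed tightening) or for a main-frame document whose security origin
    /// exactly matches trustedRemoteA2UIURL while trustA2UIActions is set.
    func isTrustedFrame(_ frame: WKFrameInfo) -> Bool {
        guard frame.isMainFrame else { return false }          // never an iframe
        if let url = frame.request.url, url.isFileURL {
            let bundlePath = Bundle.main.bundleURL.standardizedFileURL.path + "/"
            return url.standardizedFileURL.path.hasPrefix(bundlePath)
        }
        guard trustA2UIActions,
              let trusted = trustedRemoteA2UIURL,
              let scheme = trusted.scheme?.lowercased(),
              let host = trusted.host?.lowercased() else { return false }
        let origin = frame.securityOrigin          // origin of the document that posted
        // Assumption: WKSecurityOrigin.port reports 0 for the scheme's default port.
        let originPort = origin.port == 0 ? Self.defaultPort(for: origin.protocol) : origin.port
        return origin.protocol.lowercased() == scheme
            && origin.host.lowercased() == host
            && originPort == (trusted.port ?? Self.defaultPort(for: scheme))
    }

    // MARK: WKScriptMessageHandler (the bridge entrypoint)

    func userContentController(_ userContentController: WKUserContentController,
                               didReceive message: WKScriptMessage) {
        guard message.name == "a2ui", let body = message.body as? [String: Any] else { return }
        // Untrusted page: drop without replying, so it cannot even probe the bridge.
        guard isTrustedFrame(message.frameInfo) else { return }
        if body["type"] as? String == "agent.request" {
            dispatchAgentRequest(body)
        }
    }
}
```

Two design points worth keeping when adapting this: compare the message's securityOrigin rather than the URL the webview was told to load, because the origin reflects the document that actually posted the message after any redirect; and keep the trust flag tied to the navigation that was granted it, so a later generic navigation (a canvas.navigate to some other LAN page) drops the authority instead of inheriting it.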