iOS: restrict A2UI action dispatch to trusted canvas URLs (#58471)

* fix(ios): restrict a2ui bridge trust

* test(ios): cover fragment-strip trust and document raw-string equality

* fix(ios): normalize capability URL before trust comparison in canvas commands

* fix(ios): trim canvas.navigate url before trust comparison

* chore: add changelog for iOS A2UI trust boundary

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Agustin Rivera
2026-04-02 10:51:09 -07:00
committed by GitHub
parent 00aa31a30c
commit 49d08382a9
6 changed files with 86 additions and 42 deletions


@@ -851,7 +851,8 @@ final class NodeAppModel {
if url.isEmpty {
self.screen.showDefaultCanvas()
} else {
self.screen.navigate(to: url)
let trustedA2UIURL = await self.resolveA2UIHostURL()
self.screen.navigate(to: url, trustA2UIActions: trustedA2UIURL == Self.normalizeURLForTrustComparison(url))
}
return BridgeInvokeResponse(id: req.id, ok: true)
case OpenClawCanvasCommand.hide.rawValue:
@@ -859,7 +860,9 @@ final class NodeAppModel {
return BridgeInvokeResponse(id: req.id, ok: true)
case OpenClawCanvasCommand.navigate.rawValue:
let params = try Self.decodeParams(OpenClawCanvasNavigateParams.self, from: req.paramsJSON)
self.screen.navigate(to: params.url)
let trimmedURL = params.url.trimmingCharacters(in: .whitespacesAndNewlines)
let trustedA2UIURL = await self.resolveA2UIHostURL()
self.screen.navigate(to: trimmedURL, trustA2UIActions: trustedA2UIURL == Self.normalizeURLForTrustComparison(trimmedURL))
return BridgeInvokeResponse(id: req.id, ok: true)
case OpenClawCanvasCommand.evalJS.rawValue:
let params = try Self.decodeParams(OpenClawCanvasEvalParams.self, from: req.paramsJSON)
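Review bot: The trust decision in both canvas cases is an inline `trustedA2UIURL == Self.normalizeURLForTrustComparison(...)`, and neither `resolveA2UIHostURL()` nor the normalizer is declared in the visible lines. If both return `String?`, Swift evaluates `nil == nil` as true, so an unresolved A2UI host combined with a URL that fails normalization would pass `trustA2UIActions: true`. I would move the comparison into one helper shared by both cases (the name `isTrustedA2UIURL(_:)` is only a suggestion) that fails closed, starting with `guard let trusted = await self.resolveA2UIHostURL() else { return false }` and returning false when normalization yields nil. The helper should carry a doc comment stating that trust is exact equality of normalized strings and is decided once, at navigate time. The enclosing switch and the definition of `url` in the first case lie outside the hunks, so whether that value is already trimmed like `trimmedURL` in the `navigate` case cannot be confirmed from here.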