Patch Changes
-
48e7e78: Harden MCP Apps handling of server-supplied resource metadata and the host/iframe bridge:
- Runtime-validate
_meta.uiand drop malformed or non-string fields. - Gate iframe permissions deny-by-default via a new
sandbox.allowedPermissionsallowlist. - Derive a concrete
postMessagetarget origin and validate inbound message origins. - Validate inbound bridge params: limit
resources/readtoui://resources and allow onlyhttps/http/mailtoinui/open-link. - Add
fingerprintMCPAppResource/detectMCPAppResourceDriftfor pinning and comparing app resources.
- Runtime-validate
-
Updated dependencies [48e7e78]
- @ai-sdk/mcp@2.0.14