We only accept a very small list of certain UR messages and other specific payload types (e.g. SeedQR). We then apply strict checks to the format of that payload to ensure it is valid and is what we think it is (for example, our PSBT parser can be quite strict in what it accepts). Then after that, we still have the checks and validations we run on the payload (e.g. the txn data) regardless of which transport it was received from.
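The three layers described above, as an added example (not the project's own code): an allowlist of UR types, a strict structural parser for the PSBT container (BIP 174: magic, length-prefixed key/value pairs, separator), and a hook for the transaction checks that run regardless of transport. It assumes the UR bytewords/CBOR layer has already been decoded, and the `semantic_check` hook and sample bytes are constructed for illustration.

```python
# Added example, not the project's own code. Assumes the UR bytewords/CBOR layer
# is already decoded, so `decoded` below is the raw PSBT bytes.
PSBT_MAGIC = b"psbt\xff"
PSBT_GLOBAL_UNSIGNED_TX = b"\x00"  # PSBTv0 key: type 0x00, no key data
def read_compact_size(buf, pos):
    """Bitcoin CompactSize; raises on truncation or non-canonical (over-long) encoding."""
    if pos >= len(buf):
        raise ValueError("truncated varint")
    if buf[pos] < 0xFD:
        return buf[pos], pos + 1
    width, floor = {0xFD: (2, 0xFD), 0xFE: (4, 0x10000), 0xFF: (8, 1 << 32)}[buf[pos]]
    n = int.from_bytes(buf[pos + 1:pos + 1 + width], "little")
    if pos + 1 + width > len(buf) or n < floor:
        raise ValueError("truncated or non-canonical varint")
    return n, pos + 1 + width

def strict_psbt_global_map(raw):
    """Gate 2: parse the PSBT global map only; any structural oddity is a hard reject."""
    if not raw.startswith(PSBT_MAGIC):
        raise ValueError("bad magic")
    pos, gmap = len(PSBT_MAGIC), {}
    while True:
        klen, pos = read_compact_size(raw, pos)
        if klen == 0:
            break  # 0x00 separator closes the map
        key, pos = raw[pos:pos + klen], pos + klen
        vlen, pos = read_compact_size(raw, pos)
        val, pos = raw[pos:pos + vlen], pos + vlen
        if len(key) != klen or len(val) != vlen:
            raise ValueError("truncated key/value")
        if key in gmap:
            raise ValueError("duplicate key")  # BIP 174 forbids duplicate keys
        gmap[key] = val
    if PSBT_GLOBAL_UNSIGNED_TX not in gmap:
        raise ValueError("missing unsigned tx")
    return gmap

# Gate 1: only listed UR types are accepted, each bound to its strict format parser.
FORMAT_CHECKERS = {"crypto-psbt": strict_psbt_global_map}

def accept_payload(ur_string, decoded, semantic_check=lambda gmap: True):
    """Returns (accepted, reason); `semantic_check` stands in for gate 3 (tx checks run regardless of transport)."""
    head, _, payload = ur_string[3:].partition("/")  # 'ur:<type>/<payload>'
    t = head.lower() if ur_string[:3].lower() == "ur:" and head and payload else None
    if t not in FORMAT_CHECKERS:
        return False, f"rejected UR type {t!r}"
    try:
        parsed = FORMAT_CHECKERS[t](decoded)
    except ValueError as e:
        return False, f"malformed {t}: {e}"
    return (True, "ok") if semantic_check(parsed) else (False, "failed transaction checks")
```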