File: crates/web/src/event_processing.rs:154
Severity: UX
Obvious? yes
set_join_status.set(format!("denied:{e}")); — the literal prefix "denied:" is exposed to the UI as a status string. This is a leaky internal sentinel rather than a localizable, user-facing message. Consumers must starts_with("denied:") to render.
Fix: move to a typed JoinStatus::Denied { reason: String } enum (already used for JoinLinkDenied event) so the UI never substring-parses status text.
Filed by /general-audit @ 6404719 (2026-05-03). master: #567.
File:
crates/web/src/event_processing.rs:154Severity: UX
Obvious? yes
set_join_status.set(format!("denied:{e}"));— the literal prefix"denied:"is exposed to the UI as a status string. This is a leaky internal sentinel rather than a localizable, user-facing message. Consumers muststarts_with("denied:")to render.Fix: move to a typed
JoinStatus::Denied { reason: String }enum (already used forJoinLinkDeniedevent) so the UI never substring-parses status text.Filed by
/general-audit@6404719(2026-05-03). master: #567.