audit F5 [robustness]: copy_to_clipboard always runs textarea fallback #572

@intendednull

File: crates/web/src/util.rs:5-38
Severity: robustness
Obvious? yes

The function fires `clipboard.write_text(text)` (returns a Promise) but discards it with `let _ = ...` and unconditionally proceeds to the textarea + `execCommand('copy')` fallback. Since the Promise hasn't resolved/rejected at that point, the fallback always runs — meaning the page momentarily appends/removes a hidden textarea even when the modern API would succeed, and the second copy may overwrite the first.

Fix: use `then2` / `await` on the promise and only fall back on rejection.


Filed by /general-audit @ 6404719 (2026-05-03). master: #567.
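
The two control flows described in this issue, modelled in JavaScript against the browser API that the Rust wrapper calls. This is an added example, not the code in `crates/web/src/util.rs`; `makeEnv`, `copyFireAndForget` and `copyWithFallback` are hypothetical names, and the clipboard and textarea paths are constructed stand-ins so the block runs outside a browser.

```javascript
// Constructed stand-ins: `clipboard.writeText` mimics navigator.clipboard.writeText,
// `fallback` mimics the hidden-textarea + execCommand('copy') path.
// `log` records which copy paths actually ran, in order.
function makeEnv({ asyncApiWorks }) {
  const log = [];
  const clipboard = {
    writeText(text) {
      return asyncApiWorks
        ? Promise.resolve().then(() => { log.push("async:" + text); })
        : Promise.reject(new Error("write rejected (constructed)"));
    },
  };
  const fallback = (text) => { log.push("textarea:" + text); return true; };
  return { log, clipboard, fallback };
}

// Pattern the issue reports: the promise is discarded and the fallback is
// unconditional, so it runs before the promise has settled.
function copyFireAndForget(env, text) {
  // Result ignored; the empty catch only keeps Node from reporting the rejection.
  env.clipboard.writeText(text).catch(() => {});
  return env.fallback(text);
}

// Pattern the issue asks for: wait for the promise, fall back only when the
// async API is missing or its promise rejects.
async function copyWithFallback(env, text) {
  if (env.clipboard && typeof env.clipboard.writeText === "function") {
    try {
      await env.clipboard.writeText(text);
      return "async"; // success: the textarea path never runs
    } catch (_err) {
      // rejected: continue to the fallback below
    }
  }
  return env.fallback(text) ? "textarea" : "failed";
}
```

With a working async API, `copyFireAndForget` logs both paths (textarea first, then the async write), while `copyWithFallback` logs exactly one.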