Clipboard
The clipboard is a common, easily-overlooked path for data to leave a controlled environment. The security.clipboard node governs clipboard sharing between the streamed application and the browser — whether it is on, which direction is permitted, and how large a payload may transfer.
security.clipboardProperties
| Property | Type | Default | Values / range | Notes |
|---|---|---|---|---|
enabled * | boolean | — | — | Master switch for clipboard sharing. Required. New custom policies default to false. |
direction | enum | — | serverToClient, clientToServer, bidirectional | Data flow direction; only meaningful when enabled is true. When disabled, the effective direction is treated as off. |
maxSizeBytes | integer | 1048576 | 1024 – 10485760 | Maximum clipboard payload, in bytes (1 KB – 10 MB; default 1 MB). |
Direction is from the session's perspective: serverToClient permits copying out of the application to the browser, clientToServer permits pasting into the application, and bidirectional allows both.
Sample
"clipboard": {
"enabled": true,
"direction": "serverToClient",
"maxSizeBytes": 524288
}
For sensitive data, restrict the outbound direction (serverToClient). Copy-out is the path most likely to be used for unwanted data egress.
Clipboard transfers appear in the audit trail with direction and size, giving security teams visibility into data movement. See Audit Events. This node is policy-driven; app.config.xml only seeds an initial default when no policy is present.