Clipboard Format control
Citrix Clipboard format control policies enhance clipboard security by limiting data transfer to specific clipboard formats, thereby controlling the types of data that can be copied and pasted between session and client and vice versa. It can be used to selectively allow or deny certain clipboard data formats.
Clipboard exchange formats are used to enable seamless transfer of information between diverse applications, ranging from multimedia programs to complex spreadsheets and word processors. These formats define the structure and encoding of data that can be copied, cut, and pasted, allowing applications to understand and process the content exchanged.
For instance, when copying text from a web browser and pasting it into a word document, the clipboard employs a text-based format. However, if the copied content includes images, tables, or rich text formatting, the clipboard will utilize more sophisticated formats like RTF (Rich Text Format) or HTML (HyperText Markup Language) to preserve the original appearance and structure. Similarly, when exchanging data between specialized applications, such as a CAD program and a presentation tool, the clipboard might use application-specific formats or common metafile formats to ensure accurate representation of the graphical or complex data.
The clipboard format control policies are designed to work in conjunction with the directional clipboard control policies.
With Clipboard Format control, admins can which formats are allowed for example:
- Allow plain text only in both directions
- Allow session to client clipboard transfer only for plain text and images
Or a combination where you can limit the formats that can be pasted from the client to the session, but allow all formats to be pasted from the session back to the client.
Two primary policies control the behavior of clipboard formats:
Client Clipboard Write Allowed Formats: This policy dictates explicitly which clipboard data formats are permitted to be written from the remote session to the client clipboard. For example, an administrator might configure this policy to allow only plain text to be copied to the client, preventing the transfer of potentially malicious rich text, images, or files.
Session Clipboard Write Allowed Formats: Secondly, this policy specifies which clipboard data formats are allowed to be copied from the client to the remote session. This policy is vital for controlling what kind of information can be transferred into the remote environment. An organization might restrict this to only allow plain text, preventing users from inadvertently or intentionally pasting sensitive files or images from their local machine into a less secure or unauthorized remote application.
Note:
The Clipboard allowed formats are only evaluated if the corresponding unidirectional clipboard policy is also set.
To restrict the client clipboard write formats to accept only text-based data formats, both the ‘Restrict client clipboard write’ policy AND ‘Client Clipboard Write Allowed Formats’ need to be configured. In this example, ‘Restrict client clipboard write’ needs to be set to Enabled, and the ‘Client Clipboard Write Allowed Formats’ needs to contain all clipboard text formats:
To configure the write format restriction, please edit the corresponding policy and ensure each entry is placed on a separate line.
As an example:
CF_TEXT CF_BITMAP
Is correct, however the following is incorrect:
CF_TEXT,CF_BITMAP