Content protection
Here Core provides features that can give platform developers enhanced control over the security of content in windows and view. These features help prevent sensitive information from being shared outside of authorized applications. They can be implemented as part of a company's broader strategy for data loss prevention (DLP).
The content protection features comprise the following:
- Screen capture protection
- Secure clipboard operations
- Printing restrictions
- Drag and drop restrictions
Configure domain-based settings
Content protection features are configured through domain-based permissions.
All options are nested under the contentProtection property in domain settings of an application manifest.
In all cases except paste behavior, the default setting is 'allow'.
The following example shows the type definition for the options of the contentProtection property:
type contentProtection = {
screenCapture?: 'allow' | 'block';
print?: 'allow' | 'block';
drag?: 'allow' | 'block';
clipboard?: {
copy?: {
behavior: 'allow' | 'block' | 'protect';
options?: {
replacementText?: string; // Text that is pasted in place of blocked content
}
},
paste?: {
behavior: 'non-protected-content' | 'all-content';
}
},
}
Example configuration
The following sample shows an excerpt of a manifest file, for content protection options.
"domainSettings": {
"rules": [{
"match": ["*://*.here.io/*"],
"options": {
"contentProtection": {
"screenCapture": "block",
"clipboard": {
"copy": {
"behavior": "protect",
"options": {
"replacementText": "This content is protected by organization policy"
}
},
"paste": {
"behavior": "all-content"
}
},
"print": "block",
"drag": "block"
}
}
}]
}
Screen capture protection
The screen capture protection feature prevents windows containing sensitive content from appearing in screenshots or screen sharing applications.
Behavior
-
When
screenCaptureis set toblockfor a domain, any window containing content from that domain is blocked from screen capture. -
The appearance of blocked windows in screenshots and screen sharing depends on the operating system. On Microsoft Windows, they appear black. On macOS, they are invisible.
-
Protection applies at the window level; individual views or iframes cannot be selectively blocked. If the content in a view or iframe is blocked, the entire window containing it is blocked.
-
Protection remains active even if protected content is hidden or out of view.
Get protection status
You can check the current set of screen capture permissions by calling getScreenCapturePermissions() on the Window or View object.
The structure of the permissions object is shown below.
type ScreenCapturePermission = {
permission: 'allow' | 'block';
permissions: [{
behavior: 'allow' | 'block':
info: { // what entity is determining the behavior?
entityType: 'window' | 'iframe' | 'external connection' | 'view' | 'unknown' ;
name: string;
uuid: string;
};
url: string //URL of the content involved
}]
}
Secure clipboard operations
The secure clipboard feature prevents protected content from being pasted into unauthorized applications.
Copy protection modes
-
allow: Normal clipboard operation (default) -
block: Prevents all copy operations -
protect: Encrypts copied content with a token that can be decrypted only by authorized applications
Protected clipboard content is stored in a secure buffer separate from the system clipboard. When protected content is copied, the system clipboard contains replacement text and a token. When the user attempts to paste protected content, if the destination is allowed to receive it, the content is decrypted and pasted; otherwise, the replacement text is pasted. Tokens are invalidated when new content is copied or when the platform is closed. Iframes inherit clipboard settings from their parent window or view.
Paste protection modes
-
'non-protected-content': This content can receive pasted content that is not subject to content protection -
'all-content': This content can receive all pasted content, including protected content.
If the content being pasted is protected and 'all-content' is set, then the content is decrypted and pasted.
If the content being pasted is protected and 'non-protected-content' is set, then the replacement text is pasted instead of the actual content.
Events�
Applications can listen for blocked clipboard operations:
type ClipboardCopyBlockedEvent = {
uuid: string,
name: string,
topic: string, // The event emitter that raised the event
type: 'clipboard-copy-blocked',
reason: 'disabled',
url: string
}
type ClipboardPasteBlockedEvent = {
uuid: string,
name: string,
topic: string, // The event emitter that raised the event
type: 'clipboard-paste-blocked',
reason: 'invalid-data' | 'disabled',
url: string
}
// Usage example
const view = fin.View.getCurrentSync();
view.on('clipboard-copy-blocked', (event) => {
console.log('Copy blocked:', event.reason);
});
view.on('clipboard-paste-blocked', (event) => {
console.log('Paste blocked:', event.reason);
});
Print restrictions
Print restrictions prevent users from printing protected content.
When print is set to block:
-
The Web window: print() method throws an error.
-
Context menu print options are disabled.
-
Any print method fails if any visible portion of the object has printing blocked. For example, a window cannot be printed if it contains a view that is blocked from printing. This restriction applies to the View.print() method and when options for printing a view or a screenshot are included when calling Window.print().
Drag and drop restrictions
Drag and drop restrictions prevent users from dragging content out of protected applications.
Behavior
When drag is set to block:
-
HTML5 drag and drop operations are blocked.
-
Both internal and external drag operations are blocked.
-
The protection is enforced through client-side event blocking.
Applications that rely on HTML5 drag and drop might be adversely affected by this feature.