Since operating systems can “quarantine” downloaded files, it seems perfectly reasonable to also quarantine data that can be arbitrarily modified by remote APIs. This is doubly true when there are all kinds of ways for web sites to trick the user into visiting domains they don’t really know that they “requested”.
On the Mac, applications downloaded from the Internet are quarantined; they stay that way until you accept a warning message displayed at first launch (even if you wait days to launch it for the first time). The OS helpfully remembers where the file came from, e.g. “This was downloaded from www.notmalware.com on July 6, 2000.”.
If a web browser insists on allowing web-controlled Copy behavior, the resulting pasteboard should be given a big, black TAINTED mark that cannot be cleared without a very explicit action. If I go to another application and try to Paste, the other application should not be able to access the data without clearing the quarantine (e.g. OS provides standard dialog that shows the entire text and web site of origin, free of any white text-coloring or Unicode invisibility tricks).
On the Mac, applications downloaded from the Internet are quarantined; they stay that way until you accept a warning message displayed at first launch (even if you wait days to launch it for the first time). The OS helpfully remembers where the file came from, e.g. “This was downloaded from www.notmalware.com on July 6, 2000.”.
If a web browser insists on allowing web-controlled Copy behavior, the resulting pasteboard should be given a big, black TAINTED mark that cannot be cleared without a very explicit action. If I go to another application and try to Paste, the other application should not be able to access the data without clearing the quarantine (e.g. OS provides standard dialog that shows the entire text and web site of origin, free of any white text-coloring or Unicode invisibility tricks).