"What I'd like the OS itself to do is to block by default copy/pasting between apps, with the user agreeing to each combination, with "only once" option available."

Please no. At present any application which could compromise you by stealing passwords could probably just as easily pwn your entire system thus you will have saved zero people from harm. Meanwhile 99.9% of people will be frustrated by such an ill thought out security measure. 50% will have to google how to fix clipboard permissions to disable this. 25% will ask their computer literate friends how to do this. 20% will click once every single time and just think the new release of their OS sucks slightly. 10% will accidentally click deny at some point and think cut and paste is broken. Some percentage will probably reinstall their entire OS to fix cut and paste or just hate their life every time they hit this application combination.

Random web pages should probably just never have access to your clipboard because people will just click accept when the malicious site askes. Its sufficient that your browser which you either trust or are already laughably pwned to have access to the clipboard so that you can paste stuff into websites. Said sites don't even need to know the difference between user typed foo and user pasted foo.

> What I'd like the OS itself to do is to block by default copy/pasting between apps, with the user agreeing to each combination, with "only once" option available.

This made me think. At the cost of learning new key combinations, a clipboard manager browser extension could isolate in-browser copy/pastes from the system clipboard, unless explicitly asked.