
- impossible to put an image into a clipboard (e.g. to paste it outside a browser)

I literally implemented support for the navigator.clipboard.write API, with image/png support included, in today's Firefox Nightly version: https://bugzilla.mozilla.org/show_bug.cgi?id=1619947

Enabling it on release might take a bit longer though. The specification is currently not in good shape. And there are some open questions around permissions etc.



On behalf of millions of users, that's awesome and thank you, thank you, thank you for all that you do.


I hope there is a setting to never allow websites to touch the clipboard.


image/png is only one of many types of images though.


If the point is a copy-paste raster image that shall be understood by most other programs, then image/png is a fine choice, as it is lossless and well-known.


> If the point is a copy-paste raster image

There are other use cases though that aren't supported by PNG, such as vector images and animated images. Or more niche use cases like RAW images.


Vector images don't really need direct support though, do they? A lot of vector image interchange formats are just plaintext so normal text clipboard APIs should suffice.

Animated images could definitely be somewhat useful though, albeit much more niche than static raster images. In most cases where I want an animated image on my clipboard, a link will suffice. What I want may not map to the majority of course, but at least PNG support is a start!


> A lot of vector image interchange formats are just plaintext so normal text clipboard APIs should suffice.

Yes, but I don't think you can set the MIME type. So whatever you paste in would have to be smart enough to look at a text/plain clipboard data and figure out if it looks like an SVG (or whatever).


According to MDN you can choose one of the following MIME types:

    text/plain
    text/uri-list
    text/csv
    text/html
    image/svg+xml
    application/xml, text/xml
    application/json

So at the very least there's image/svg+xml, but that is pretty limiting.
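
The two comments above contrast a declared MIME type with guessing from text/plain. A sketch of that decision on the paste side follows; it is an added example, not code from the thread or from Firefox. The `{type, data}` entry shape, the function names and the size cap are assumptions made for the sketch.

```javascript
// Added example: decide how a paste handler should treat clipboard entries.
// Entry shape {type, data} and all names here are assumptions for this sketch.
const SVG_NS = 'http://www.w3.org/2000/svg';
const MAX_SNIFF_CHARS = 1 << 20; // refuse to sniff very large text payloads

// Skip BOM, whitespace, XML declaration, comments and DOCTYPE before the root tag.
const PROLOG = /^\uFEFF?\s*(?:<\?xml[^>]*\?>\s*)?(?:<!--[\s\S]*?-->\s*|<!DOCTYPE[^>]*>\s*)*/;

function looksLikeSvg(text) {
  if (typeof text !== 'string' || text.length > MAX_SNIFF_CHARS) return false;
  const body = text.replace(PROLOG, '');
  // The document must *start* with an <svg ...> root, not merely mention one.
  const root = /^<svg(?=[\s>\/])[^>]*>/.exec(body);
  // Require the SVG namespace on the root element, not just the tag name.
  return root !== null && root[0].includes(SVG_NS);
}

// Prefer a type the source declared; sniff text/plain only as a fallback,
// and report that the type was guessed so the caller can treat it with less trust.
function resolvePasteType(entries) {
  const declared = entries.find(
    (e) => e.type === 'image/png' || e.type === 'image/svg+xml'
  );
  if (declared) return { type: declared.type, sniffed: false };

  const plain = entries.find((e) => e.type === 'text/plain');
  if (plain && looksLikeSvg(plain.data)) {
    return { type: 'image/svg+xml', sniffed: true };
  }
  return { type: plain ? 'text/plain' : null, sniffed: false };
}
```
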


My interpretation of the situation exactly. You have to start somewhere.

Raster image support should also be able to support stuff drawn on a canvas element, so I think it is a great place to start.


> I literally implemented support for the navigator.clipboard.write API

I beg you, do not let websites put things into my clipboard.


It can be done only after the user confirms that they want to allow the website to do it (similar to webcam access, etc.).


Is there also an option to never show that popup for any website?


This is up to a browser. I believe a browser should give you an option to decline all such requests by default, without asking you each time. Just like you can browse the web with JS disabled, without images, etc.


Not without permission, for sure. I dislike how some websites will add extra text when you copy.


If this is important to some users (to me it is) why blindly trust an application's claim of what it does without verifying/restricting it[1]? The IMHO logical step for a user (again most don't care) would be to sandbox the application with a precise set of calls that are whitelisted and judge the application not based on trust but based on what they allowed in their security controls (firejail, apparmor, seccomp, SELinux, ...) and so immediately see if they did something different (that breaks the promise/trust)? (even then browsers have millions of lines of code so even with best intentions ymmv)

Reading/writing clipboards is a problem for sandboxing since they act as a bridge to another layer that otherwise has no contract or understanding of the application. So are many other features not just on browsers but on any application that for some reason needs to handle a gazillion things (on Linux subscribing to system/user dbus messages is a big issue and out of the box totally unmitigated).

[1] If a monolith like Chrome/Firefox needs to understand/parse hundreds of protocols, technology-standards, etc, is a challenge to sandbox, maybe it isn't the sandboxing but the application that is the wrong tool for the user's threat model? Note, there is also Tor/Tails/QubesOS if isolation between user-space applications is a serious concern.



