Just a few weeks ago there was an interesting thread on the oss-sec list[1], which is tangentially related - a clipboard-pastejacking issue was reported to Firefox, who rejected the bug report.
It's X11 which is asking applications what was selected when determining what will be pasted from middle click. To be secure X11 should be maintaining its own buffer which can only be updated via user interaction instead of relying on every application to implement this security measure themselves.
It's also a security issue with the shells that are interpreting a pasted new-line character. The author of that post is delusional to claim that none of the blame should be placed on the shells.
1: https://seclists.org/oss-sec/2023/q4/132