I suspect it would be a very hard permission to implement. There are a lot of ways to exfiltrate data from a website if you have DOM access. But yeah, agreed.

Some of the difficulty around securing extensions boils down to the fact that Javascript permissions could be better. Websites do a decent job of sandboxing the website, but sandboxing within websites (without relying on iframes) is much more difficult.

Per-site permissions and click-to-activate are also really useful features here. It's easy to forget how recent they are. But it would be good to go further if possible and having barriers in front of exfiltration would be a big part of that -- there are many browser permissions that would become less dangerous if you could know for sure that the data they generate can't get off your device. I just think it would be really difficult to try and build browser permissions around that in a user-legible way.