Just like the paste that you liked to eat in kindergarten, pasting directly from web pages may be bad for you too.
In short, don’t trust copy and paste from web pages, it’s no longer safe. Malware attacks are getting trickier and trickier with more methods of infection appearing every day. Some of the latest in the growing attack trends are “pastejacking” attacks.
Pastejacking with CSS
The Pasting Prophylactic
The simplest way to protect yourself is to ‘cleanse’ your clipboard material using a program that strips away any excess code and pastes only the text that you wanted. Fortunately, every Windows machine comes with this cleansing program. It’s called Notepad. Notepad strips away formatting and any hidden code, including scripts, so that only text is pasted into Notepad. It doesn’t have to be Notepad, of course, any text editor will do. I like Notepad++.
Once you have pasted your web text into your text editor you can copy it from there and then and paste it to the final destination. This does mean that you will have to download any images separately since the text editor strips them out of the paste operation too, but I consider it a small price to pay for safety.
Naked Security did an excellent write-up of this if you want more info.