PasteJacking is a CLIENT-side attack where malicious site tricks the user to copy some text, then the malicious JavaScript code replaces the contents of the copied text in the clipboard with a malicious XSS payloads.The malicious site then ASKs the user to paste it. Because it is a CLIENT-side attack starting on a MALICIOUS site (not protected by ASM) Pastejacking cannot be stopped as it happens in memory of user's BROWSER. However when the user pastes the XSS payload to a legitimate site (protected by ASM) ASM will DETECT the XSS in the input (provided the policy is configured correctly to detect and block XSS).