I don’t think your proposed workaround would help. The user stays on the malicious domain. Unless your container is clearly marked visually, only the url shows the savvy user that something is off.