Though when using the browser based Bing, it's able to look at the "page" for context. I've opened text files / code in my browser and used the sidebar Bing to ask about the file without having to copy/paste into the chat window. It works for somewhat large documents, but I think is still limited to ~10k tokens or so of context.
Yeah...this is where the talk of "guardrails" sometimes gets, forgive the pun, derailed. There are good reasons to be able to put some guardrails in place on your AI model other than pure censorship. I'd really like the page I am having my AI summarize not to be able to hijack it and turn it against me.
Someone can feel free to correct me if I'm wrong, but my understanding is that the LLM takes one input and produces one output. That one input contains some primer made by the service's makers, plus whatever context, plus the user's prompt. The web page contents are just part of that one big input, and the LLM isn't perfect at distinguishing the parts of the input from each other - it's all just one big prompt.