We should implement site isolation, where each site (scheme + domain + port) gets its own WebContent process, and code from each origin only runs in that process.
When one site embeds an iframe from another site, we'll have two WebContent processes who will have to coordinate communication, layout, rendering, input, etc.
We should implement site isolation, where each site (scheme + domain + port) gets its own WebContent process, and code from each origin only runs in that process.
When one site embeds an iframe from another site, we'll have two WebContent processes who will have to coordinate communication, layout, rendering, input, etc.
Here's how they've done it in Chromium: https://www.chromium.org/Home/chromium-security/site-isolation/