WICG / isolation


Does per-site process isolation as implemented today address UXSS? #4

Closed estark37 closed 7 years ago

estark37 commented 7 years ago

Issue raised by @randomdross in spec, moving it here for discussion.

estark37 commented 7 years ago

Per-site process isolation can mitigate UXSS today, but it's not fully deployed in Chrome today, and it's unlikely to be deployed in the near future in such a way that it'll fully mitigate UXSS, because we can't afford a process for every single site. Isolate-Me gives a site a way to request to opt in to per-site process isolation.

(Moreover, per-site process isolation is a Chrome feature, not a web platform concept, so we can't really rely upon it existing in the spec.)

randomdross commented 7 years ago

Got it, thank you!