I'll be trying this— I like Firefox containers a lot, but I dislike how session-oriented they are. You can force a particular site into container X, but every click from there will stay in container X unless another rule forces it to a different containers.
What I want is something more like "jail site X in container X, and open every non-X link in a temporary container / container Y / whatever."
I use containers + Cookie Auto delete [0]. In the HN container, I keep HN cookies. Anything opened from HN will stay in the HN container and non-HN sites get cookies deleted shortly. This reduces some tracking for me, but doesn't do anything for something like an XSS against HN that the GP seems to be referring to.
What I want is something more like "jail site X in container X, and open every non-X link in a temporary container / container Y / whatever."