<portal> is an experiment/pet project pushed (and only implemented!) by one browser vendor, which as far as I know remains feature flagged.
It was shipped behind a flag with an initial implementation vulnerable to a same origin policy bypass as well as local file disclosure. As far as I can tell the only reason it wasn't assigned a Moz standards position of "harmful" is because Google argued "it's actually still a work in progress!" (three years ago).