• Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
• Changed RETURN_DOM_IMPORT default to true to address said possible XSS
• Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
• Fixed the tests to properly address the new default