dompurify 2.2.0

Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
Changed RETURN_DOM_IMPORT default to true to address said possible XSS
Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
Fixed the tests to properly address the new default