authorFlorian Bruhin <git@the-compiler.org>2018-07-17 12:01:17 +0200
committerFlorian Bruhin <git@the-compiler.org>2018-08-15 10:34:07 +0200
commit93f40116b2e4be2b908b7c37ac00f43a6f8aade9 (patch)
tree6671c10dcb1e1fba36be300b30ff1b092913c3b6
parent79b39d8c7f68a998c7b1332a5a10a1a8cc281e90 (diff)
Enable XSS auditing by default
Qt disables this by default, but Chromium does have it enabled. I also submitted a change to Qt to hopefully enable it by default there starting with Qt 5.12: https://codereview.qt-project.org/#/c/198354/15 This also removes the claim of having a (big) performance impact, as Chromium's XSS design doc says the opposite: https://www.chromium.org/developers/design-documents/xss-auditor (cherry picked from commit a72eee8e39b6d982d936cad999d9f50cd20dc5ce)
-rw-r--r--doc/help/settings.asciidoc4
-rw-r--r--qutebrowser/config/configdata.yml5
2 files changed, 4 insertions, 5 deletions
diff --git a/doc/help/settings.asciidoc b/doc/help/settings.asciidoc
index 75e684ffc..dbb03ef0d 100644
--- a/doc/help/settings.asciidoc
+++ b/doc/help/settings.asciidoc
@@ -2061,13 +2061,13 @@ Default: +pass:[false]+
[[content.xss_auditing]]
=== content.xss_auditing
Monitor load requests for cross-site scripting attempts.
-Suspicious scripts will be blocked and reported in the inspector's JavaScript console. Enabling this feature might have an impact on performance.
+Suspicious scripts will be blocked and reported in the inspector's JavaScript console.
This setting supports URL patterns.
Type: <<types,Bool>>
-Default: +pass:[false]+
+Default: +pass:[true]+
[[downloads.location.directory]]
=== downloads.location.directory
diff --git a/qutebrowser/config/configdata.yml b/qutebrowser/config/configdata.yml
index 2698c34b1..e57459f64 100644
--- a/qutebrowser/config/configdata.yml
+++ b/qutebrowser/config/configdata.yml
@@ -729,14 +729,13 @@ content.webrtc_public_interfaces_only:
content.xss_auditing:
type: Bool
- default: false
+ default: true
supports_pattern: true
desc: >-
Monitor load requests for cross-site scripting attempts.
Suspicious scripts will be blocked and reported in the inspector's
- JavaScript console. Enabling this feature might have an impact on
- performance.
+ JavaScript console.
# emacs: '
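Review bot: With `default: true` now on the hunk's fourth line, the `desc` block still reads as pure monitoring ("Monitor load requests…") and gives the user no sense that this is a best-effort heuristic filter that can also block legitimate script on sites which reflect it, which is a different trade-off once it is on for everyone rather than opt-in. Since `supports_pattern: true` is kept on the following line, the description is the natural place to tell users how to handle a site the auditor breaks; I would append to the folded scalar a sentence such as `This is a heuristic filter and not a substitute for other XSS defenses; it can be turned off per URL pattern for sites it interferes with.` Whether the backend's blocking behaviour is identical on every supported Qt version cannot be confirmed from this hunk. The hunk header counts 14 old lines but fewer are visible here, so trailing context (likely blank lines) appears to have been dropped by the renderer.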