Reviewed by Daniel Bates.

        XSSFilter should pass 16 of the xssAuditor/script-tag* tests
        https://bugs.webkit.org/show_bug.cgi?id=53362

        Turns out we need to replace the src attribute of script tags with
        about:blank to avoid loading the main document URL as a script.  Also,
        move misplaced return statement that was triggering the console message
        too often.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::appendToAttributeValue):
        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        * html/parser/XSSFilter.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77057 268f45cc-cd09-0410-ab3c-d52691b4dbfc