XSSAuditor: truncate form action attribute like other src-like attributes

third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp

Index: third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
diff --git a/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp b/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
index cc7279125f0693aa9df14d669cc53c1c8af2d461..d425e1e35305ef1c9099e432e2b2e5c9d93a8866 100644
--- a/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
+++ b/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
@@ -649,7 +649,8 @@ bool XSSAuditor::FilterFormToken(const FilterTokenRequest& request) {
   DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag);
   DCHECK(HasName(request.token, formTag));
 
-  return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin);
+  return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin,
+                                  kSrcLikeAttributeTruncation);
 }
 
 bool XSSAuditor::FilterInputToken(const FilterTokenRequest& request) {