ezyang / htmlpurifier

Standards compliant HTML filter written in PHP
http://htmlpurifier.org
GNU Lesser General Public License v2.1

Invalid SafeScripting purification for non-empty <script> tag #212

Closed xemlock closed 5 years ago

xemlock commented 5 years ago

Consider the following script:

<?php

require './vendor/autoload.php';

$config = HTMLPurifier_Config::createDefault();
// Whitelist a single script URL (foo.js).
$config->set('HTML.SafeScripting', array('https://localhost/foo.js'));

$purifier = new HTMLPurifier($config);
// The input's src (bar.js) is not on the whitelist, and the tag has text content.
echo $purifier->purify('<script type="text/javascript" src="https://localhost/bar.js">FOO</script>');

I believe the whole <script> tag, together with its text content, should be removed as invalid - because the src attribute isn't included on the whitelist.

Instead, the <script> contents are inserted as-is, resulting in the following output:

FOO

Tested with HTMLPurifier 4.10.0, 4.9.3, 4.8.0.

xemlock commented 5 years ago

I've just realized it's a duplicate of #198.
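
A regression check for the behaviour reported above, as an added example that is not part of the issue or of HTML Purifier's own code: it purifies three constructed inputs under the same HTML.SafeScripting whitelist and flags any case where a script with an unlisted src leaves a tag or its text in the output. The marker string, case labels and helper names are assumptions; the pass condition encodes the expectation stated in the report.

```php
<?php
// Added example: regression check for script text surviving purification.
require './vendor/autoload.php'; // same Composer autoload path as in the report

const ALLOWED_SRC = 'https://localhost/foo.js';  // whitelist entry from the report
const UNLISTED_SRC = 'https://localhost/bar.js'; // src used in the report's input
const MARKER = 'SCRIPT_BODY_MARKER';             // constructed, easy to spot in output

// Hypothetical helper: purifier configured exactly as in the report.
function buildPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.SafeScripting', array(ALLOWED_SRC));
    return new HTMLPurifier($config);
}

// Hypothetical helper: builds a <script> element with the given src and body.
function scriptTag($src, $body)
{
    return '<script type="text/javascript" src="' . $src . '">' . $body . '</script>';
}

// Constructed cases: label => array(input HTML, is the src on the whitelist?)
$cases = array(
    'listed src, with body'    => array(scriptTag(ALLOWED_SRC, MARKER), true),
    'unlisted src, with body'  => array(scriptTag(UNLISTED_SRC, MARKER), false),
    'unlisted src, empty body' => array(scriptTag(UNLISTED_SRC, ''), false),
);

$purifier = buildPurifier();
$failed = false;

foreach ($cases as $label => $case) {
    list($html, $listed) = $case;
    $out = $purifier->purify($html);
    $textLeft = strpos($out, MARKER) !== false;   // script body still in output
    $tagLeft = stripos($out, '<script') !== false; // script element still in output

    // Expectation from the report: an unlisted script leaves nothing behind.
    $ok = $listed || (!$textLeft && !$tagLeft);
    $failed = $failed || !$ok;

    printf("%-26s %s  output=%s\n", $label, $ok ? 'ok  ' : 'FAIL', var_export($out, true));
}

// Non-zero exit status lets a CI job fail on the installed library version.
exit($failed ? 1 : 0);
```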