Rewrite CSS url() and font-family output logic.

The new logic is as follows:

* Given a URL to insert into url(), check that it is properly URL
  encoded (in particular, a doublequote and backslash never occurs
  within it) and then place it as url("http://example.com").

* Given a font name, if it is strictly alphanumeric, it is safe to omit
  quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
  (note trailing space) and '\' with '\5C ' (ditto).

We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php

@@ -8,12 +8,12 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
         $config = HTMLPurifier_Config::createDefault();
         $this->def = new HTMLPurifier_AttrDef_CSS_Background($config);
 
-        $valid = '#333 url(\'chess.png\') repeat fixed 50% top';
+        $valid = '#333 url("chess.png") repeat fixed 50% top';
         $this->assertDef($valid);
-        $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid);
+        $this->assertDef('url(\'chess.png\') #333 50% top repeat fixed', $valid);
         $this->assertDef(
             'rgb(34, 56, 33) url(chess.png) repeat fixed top',
-            'rgb(34,56,33) url(\'chess.png\') repeat fixed top'
+            'rgb(34,56,33) url("chess.png") repeat fixed top'
         );
 
     }