Rewrite CSS url() and font-family output logic.

The new logic is as follows:

* Given a URL to insert into url(), check that it is properly URL
  encoded (in particular, a doublequote and backslash never occurs
  within it) and then place it as url("http://example.com").

* Given a font name, if it is strictly alphanumeric, it is safe to omit
  quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
  (note trailing space) and '\' with '\5C ' (ditto).

We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

tests/HTMLPurifier/AttrDef/CSS/FontTest.php

@@ -11,10 +11,10 @@ class HTMLPurifier_AttrDef_CSS_FontTest extends HTMLPurifier_AttrDefHarness
         // hodgepodge of usage cases from W3C spec, but " -> '
         $this->assertDef('12px/14px sans-serif');
         $this->assertDef('80% sans-serif');
-        $this->assertDef('x-large/110% \'New Century Schoolbook\', serif');
+        $this->assertDef('x-large/110% "New Century Schoolbook", serif');
         $this->assertDef('bold italic large Palatino, serif');
         $this->assertDef('normal small-caps 120%/120% fantasy');
-        $this->assertDef('300 italic 1.3em/1.7em \'FB Armada\', sans-serif');
+        $this->assertDef('300 italic 1.3em/1.7em "FB Armada", sans-serif');
         $this->assertDef('600 9px Charcoal');
         $this->assertDef('600 9px/ 12px Charcoal', '600 9px/12px Charcoal');