diff --git a/NEWS b/NEWS
index 4e838c63..23b41c33 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Support for Internet Explorer compatibility with %HTML.SafeObject
   using %Output.FlashCompat.
 ! Handle <ol><ol> properly, by inserting the necessary <li> tag.
+- Always quote the insides of url(...) in CSS.
 
 4.0.0, released 2009-07-07
 # APIs for ConfigSchema subsystem have substantially changed. See
diff --git a/library/HTMLPurifier/AttrDef/CSS/URI.php b/library/HTMLPurifier/AttrDef/CSS/URI.php
index 435d7930..54b7d63f 100644
--- a/library/HTMLPurifier/AttrDef/CSS/URI.php
+++ b/library/HTMLPurifier/AttrDef/CSS/URI.php
@@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
         // URI at all
         $result = str_replace($keys, $values, $result);
 
-        return "url($result)";
+        return "url('$result')";
 
     }
 
diff --git a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
index bf2f24e0..b36d09a6 100644
--- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
@@ -8,12 +8,12 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
         $config = HTMLPurifier_Config::createDefault();
         $this->def = new HTMLPurifier_AttrDef_CSS_Background($config);
 
-        $valid = '#333 url(chess.png) repeat fixed 50% top';
+        $valid = '#333 url(\'chess.png\') repeat fixed 50% top';
         $this->assertDef($valid);
         $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid);
         $this->assertDef(
             'rgb(34, 56, 33) url(chess.png) repeat fixed top',
-            'rgb(34,56,33) url(chess.png) repeat fixed top'
+            'rgb(34,56,33) url(\'chess.png\') repeat fixed top'
         );
 
     }
diff --git a/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php b/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php
index fa04fb60..8fd43e59 100644
--- a/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php
@@ -13,14 +13,14 @@ class HTMLPurifier_AttrDef_CSS_ListStyleTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('circle outside');
         $this->assertDef('inside');
         $this->assertDef('none');
-        $this->assertDef('url(foo.gif)');
-        $this->assertDef('circle url(foo.gif) inside');
+        $this->assertDef('url(\'foo.gif\')');
+        $this->assertDef('circle url(\'foo.gif\') inside');
 
         // invalid values
         $this->assertDef('outside inside', 'outside');
 
         // ordering
-        $this->assertDef('url(foo.gif) none', 'none url(foo.gif)');
+        $this->assertDef('url(foo.gif) none', 'none url(\'foo.gif\')');
         $this->assertDef('circle lower-alpha', 'circle');
         // the spec is ambiguous about what happens in these
         // cases, so we're going off the W3C CSS validator
diff --git a/tests/HTMLPurifier/AttrDef/CSS/URITest.php b/tests/HTMLPurifier/AttrDef/CSS/URITest.php
index 099b1639..20cc79d2 100644
--- a/tests/HTMLPurifier/AttrDef/CSS/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/URITest.php
@@ -15,8 +15,8 @@ class HTMLPurifier_AttrDef_CSS_URITest extends HTMLPurifier_AttrDefHarness
         // no quotes are used, since that's the most widely supported
         // syntax
         $this->assertDef('url(', false);
-        $this->assertDef('url()', true);
-        $result = "url(http://www.example.com/)";
+        $this->assertDef('url(\'\')', true);
+        $result = "url('http://www.example.com/')";
         $this->assertDef('url(http://www.example.com/)', $result);
         $this->assertDef('url("http://www.example.com/")', $result);
         $this->assertDef("url('http://www.example.com/')", $result);
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSS_URITest extends HTMLPurifier_AttrDefHarness
 
         // escaping
         $this->assertDef("url(http://www.example.com/foo,bar\))",
-            "url(http://www.example.com/foo\,bar\))");
+            "url('http://www.example.com/foo\,bar\)')");
     }
 
 }
diff --git a/tests/HTMLPurifier/AttrDef/CSSTest.php b/tests/HTMLPurifier/AttrDef/CSSTest.php
index 1c15a5c1..8ef818db 100644
--- a/tests/HTMLPurifier/AttrDef/CSSTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSSTest.php
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('text-transform:capitalize;');
         $this->assertDef('background-color:rgb(0,0,255);');
         $this->assertDef('background-color:transparent;');
-        $this->assertDef('background:#333 url(chess.png) repeat fixed 50% top;');
+        $this->assertDef('background:#333 url(\'chess.png\') repeat fixed 50% top;');
         $this->assertDef('color:#F00;');
         $this->assertDef('border-top-color:#F00;');
         $this->assertDef('border-color:#F00 #FF0;');
@@ -73,9 +73,9 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('vertical-align:12px;');
         $this->assertDef('vertical-align:50%;');
         $this->assertDef('table-layout:fixed;');
-        $this->assertDef('list-style-image:url(nice.jpg);');
-        $this->assertDef('list-style:disc url(nice.jpg) inside;');
-        $this->assertDef('background-image:url(foo.jpg);');
+        $this->assertDef('list-style-image:url(\'nice.jpg\');');
+        $this->assertDef('list-style:disc url(\'nice.jpg\') inside;');
+        $this->assertDef('background-image:url(\'foo.jpg\');');
         $this->assertDef('background-image:none;');
         $this->assertDef('background-repeat:repeat-y;');
         $this->assertDef('background-attachment:fixed;');
@@ -101,7 +101,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         // bad props
         $this->assertDef('nodice:foobar;', false);
         $this->assertDef('position:absolute;', false);
-        $this->assertDef('background-image:url(javascript:alert\(\));', false);
+        $this->assertDef('background-image:url(\'javascript:alert\(\)\');', false);
 
         // airy input
         $this->assertDef(' font-weight : bold; color : #ff0000',
diff --git a/tests/HTMLPurifier/HTMLT/munge-extra.htmlt b/tests/HTMLPurifier/HTMLT/munge-extra.htmlt
index a469cdd4..c10109ed 100644
--- a/tests/HTMLPurifier/HTMLT/munge-extra.htmlt
+++ b/tests/HTMLPurifier/HTMLT/munge-extra.htmlt
@@ -7,5 +7,5 @@ URI.MungeResources = true
 <img src="http://example.com" style="background-image:url(http://example.com);" alt="example.com" />
 --EXPECT--
 <a href="/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=&amp;n=a&amp;m=href&amp;p=">Link</a>
-<img src="/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=src&amp;p=" style="background-image:url(/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=style&amp;p=background-image);" alt="example.com" />
+<img src="/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=src&amp;p=" style="background-image:url('/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=style&amp;p=background-image');" alt="example.com" />
 --# vim: et sw=4 sts=4
diff --git a/tests/HTMLPurifier/HTMLT/tidy-background.htmlt b/tests/HTMLPurifier/HTMLT/tidy-background.htmlt
index 9b112708..e9438b84 100644
--- a/tests/HTMLPurifier/HTMLT/tidy-background.htmlt
+++ b/tests/HTMLPurifier/HTMLT/tidy-background.htmlt
@@ -1,5 +1,5 @@
 --HTML--
 <table background="logo.png"><tr><td>asdf</td></tr></table>
 --EXPECT--
-<table style="background-image:url(logo.png);"><tr><td>asdf</td></tr></table>
+<table style="background-image:url('logo.png');"><tr><td>asdf</td></tr></table>
 --# vim: et sw=4 sts=4