sanitize_css gauntlet rejects valid css

[willkg]

I'm working through rewriting Bleach to work with html5lib >= 0.99999999.

We have a few "sanitize the css" tests that are failing the regexp gauntlet in filters/sanitizer.py:Filter:sanitize_css.

In particular, it doesn't like the following:

• font: italic small-caps bolder condensed 16px/3 cursive;
• color: rgba(255,0,0,0.4);
• color: hsl(30,100%,50%);
• cursor: -moz-grab;
• text-overflow: "," ellipsis;
• text-overflow: ',' ellipsis;

I tested with html5lib 0.99999999 (8 9s) and 0.999999999 (9 9s), but looking at git history for the lines in question, I think it's been this way for a while.

https://github.com/html5lib/html5lib-python/blob/master/html5lib/filters/sanitizer.py#L843

[willkg]

Incidentally, previous versions of Bleach overrode this method with a different gauntlet. I'm going to keep doing that, so this doesn't block me in any way. I figured it helped to write up a bug.

[gsnedders]

I think until #152 happens this is simply not going to get fixed.