the sanitize function using CSS. For example:
with any other browsers.
This isn’t really a bug, since the documentation for sanitize doesn’t
claim to clean up CSS. The docs should perhaps contain a disclaimer
preventing XSS attacks.