body:after {
content: "\\";
background-image: url('javascript:alert(\'XSS\')');
background-color: red;
blahblah:novalidatinghere;
/*";/*
content: "";
}
Instead, cssutils parses as if most of that block were to go into the
'content' field, but the browser interprets it as if it should apply
the background-image, etc.
It looks as if the issue is that "\\" is parsed as if it were
"\" (that is, an unterminated string containing a quoted quote).