HTML Sanitizing Information Disclosure - CVE-2011-1252
HTML fragments from dynamic and potentially malicious content.
If an attacker can break the filtering mechanism and pass malicious code through this function, he or she may be
able to perform HTML-injection-based attacks (i.e. XSS).
An attacker is able to create specially formed CSS that, after passing through the toStaticHTML function, will contain