Sanitizer currently wipes out entire url() CSS values.
This is unnecessarily too strict.
It should at least allow same domain (either via full URL or relative path) URLs.
On WMF sites it should allow something like "^[a-z0-9]+\.(wik(i((m|p)edia|books|news|quote|source|versity)|tionary)\.org/.*"
Furthermore it would be even better to have configurable list (eg. [[MediaWiki:Allowedurls]]) of allowed URLs perhaps using regexps like eg. blacklists do.