Add a couple of additional XSS tests

BUG=

Review URL: https://codereview.chromium.org/2160413002 .

tests/html/node_validator_important_if_you_suppress_make_the_bug_critical_test.dart

@@ -116,6 +116,14 @@ main() {
         validator,
         '<span>![CDATA[ some text ]]></span>');
 
+    testHtml('backquotes not removed',
+             validator,
+             '<img src="dice.png" alt="``onload=xss()" />');
+
+    testHtml('0x3000 not removed',
+             validator,
+             '<a href="&#x3000;javascript:alert(1)">CLICKME</a>');
+
     test('sanitizes template contents', () {
       if (!TemplateElement.supported) return;