Test for security against XSS and standards compliance.
Here are some reference materials you may find useful:
* Progress report - this documents what has been implemented and what has not. Some valid CSS will be filtered out... but that's the nature of whitelist filtering! Those will be implemented soon. However, the lexer should be guaranteed to produce valid XHTML.
* XSS attacks smoketest - using their handy dandy XML format, I've banged out a smoketest for all of the XSS methods in that cheatsheet. So far, none of them seem to work.
* Code Quality Issues - I get lazy, I've tried to figure out where that happened, so these may be weak spots.
Some input ideas:
* Copy-paste HTML from websites (intact) and see how it handles the onslaught of <meta> and <head> tags.
* Copy-paste HTML from this forum!
* Copy-paste HTML from your website.
Also, look out for funny behavior. It may be standards-compliant, but it may not do the best thing to the text when it hits it. Does a certain escaping behavior surprise you? Put it here.
Edit - Clarify what security means
Edit 2 - Update status