We need to update rails-html-sanitizer due to a vulnerability:
Title: XSS vulnerability in rails-html-sanitizer
Solution: upgrade to >= 1.0.4
To be determined.
From the gem's README:
Rails Html Sanitizer is only intended to be used with Rails applications. If you need similar functionality in non Rails apps consider using Loofah directly (that's what handles sanitization under the hood).
So if we test the new version of loofah (AO3-5366), that should be enough.
Loofah looks good, so this should be good!