diff --git a/Gemfile b/Gemfile
index aadeb71c97..324570f450 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem 'rack-cache', '~> 1.2'
 gem 'jquery-rails', '~> 3.1.0'
 gem 'turbolinks', github: 'rails/turbolinks', branch: 'master'
 gem 'coffee-rails', '~> 4.0.0'
-gem 'rails-html-sanitizer', github: 'rails/rails-html-sanitizer'
+gem 'rails-html-sanitizer'
 gem 'sprockets-rails', github: 'rails/sprockets-rails', branch: 'master'
 
 # require: false so bcrypt is loaded only when has_secure_password is used.
diff --git a/railties/lib/rails/generators/rails/app/templates/Gemfile b/railties/lib/rails/generators/rails/app/templates/Gemfile
index 7ea08685fb..22b953aedc 100644
--- a/railties/lib/rails/generators/rails/app/templates/Gemfile
+++ b/railties/lib/rails/generators/rails/app/templates/Gemfile
@@ -16,7 +16,7 @@ source 'https://rubygems.org'
 # gem 'bcrypt', '~> 3.1.7'
 
 # Use Rails Html Sanitizer for HTML sanitization
-gem 'rails-html-sanitizer', github: 'rails/rails-html-sanitizer', branch: 'master'
+gem 'rails-html-sanitizer', '~> 1.0'
 
 # Use Unicorn as the app server
 # gem 'unicorn'