diff --git a/Gemfile b/Gemfile
index e127971a27..b7357231e7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem 'mocha', '~> 0.14', require: false
 gem 'rack-cache', '~> 1.2'
 gem 'jquery-rails', github: 'rails/jquery-rails', branch: 'master'
 gem 'coffee-rails', '~> 4.0.0'
-gem 'rails-html-sanitizer'
+gem 'rails-html-sanitizer', github: 'rails/rails-html-sanitizer'
 gem 'turbolinks', '~> 2.2.3'
 
 # require: false so bcrypt is loaded only when has_secure_password is used.
diff --git a/railties/test/application/default_stack_test.rb b/railties/test/application/default_stack_test.rb
new file mode 100644
index 0000000000..4778cdd74c
--- /dev/null
+++ b/railties/test/application/default_stack_test.rb
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+require 'isolation/abstract_unit'
+require 'rack/test'
+require 'active_support/json'
+
+module ApplicationTests
+  class DefaultStackTest < ActiveSupport::TestCase
+    include ActiveSupport::Testing::Isolation
+    include Rack::Test::Methods
+
+    def setup
+      build_app(initializers: true)
+      boot_rails
+    end
+
+    def teardown
+      teardown_app
+    end
+
+    test "the sanitizer helper" do
+      controller :foo, <<-RUBY
+        class FooController < ApplicationController
+          def index
+            render text: self.class.helpers.class.sanitizer_vendor
+          end
+        end
+      RUBY
+
+      app_file 'config/routes.rb', <<-RUBY
+        Rails.application.routes.draw do
+          get ':controller(/:action)'
+        end
+      RUBY
+
+      require "#{app_path}/config/environment"
+
+      get "/foo"
+      assert_equal 'Rails::Html::Sanitizer', last_response.body.strip
+    end
+  end
+end