Closes #3263032 by using the DOMPurify library to sanitize HTML captions. DOMPurify is optional, and if not installed, captions will be sanitized as plain text.