As it is, many of the open issues relate to the sanitizer and the default set of elements/attributes allowed in it.

I've had occasional discussions with @willkg about whether or not it makes sense to keep on maintaining the sanitizer as part of html5lib, and on the whole my opinion has for a long time been that it doesn't. IMO, it should either become a project in its own right or incorporated into Bleach (cc/ @g-k who's probably the other person there who needs to be involved in this discussion).

Why do I think it makes sense to split out? At this point it's relatively tangential to the rest of the project (it's not tightly coupled to any part of html5lib and it operates purely with the public API), but it's arguably the most in need of maintenance part of the project (as it is in many ways more security sensitive than the majority of the rest).

One relatively simple option is to split it out into a project of its own right (potentially initially as a cyclic dependency, whereby the existing API continues to function), and see if anyone wants to maintain it as a separate project.