core/modules/ckeditor/js/ckeditor.admin.js                  |   11 +++++++++++
 .../lib/Drupal/ckeditor/Plugin/editor/editor/CKEditor.php   |    4 ++++
 2 files changed, 15 insertions(+)

diff --git a/core/modules/ckeditor/js/ckeditor.admin.js b/core/modules/ckeditor/js/ckeditor.admin.js
index 63939cf..9d82587 100644
--- a/core/modules/ckeditor/js/ckeditor.admin.js
+++ b/core/modules/ckeditor/js/ckeditor.admin.js
@@ -355,6 +355,17 @@ Drupal.behaviors.ckeditorAdmin = {
       getCKEditorFeatures(function(features) {
         // Ensure that toolbar configuration changes are broadcast.
         broadcastConfigurationChanges(features, $ckeditorToolbar);
+
+        // #9: if configureing for the first time, then strip away all buttons
+        // that are not allowed by the current HTML restricting filters.
+        var toolbarButtons = JSON.stringify(JSON.parse($textarea.val()));
+        var defaultToolbarButtons = JSON.stringify(drupalSettings.ckeditor.defaulToolbarButtons);
+        if (toolbarButtons === defaultToolbarButtons) {
+          $('.ckeditor-toolbar-active li').each(function(index, el) {
+            var featureName = el.getAttribute('data-button-name').toLowerCase();
+            // @todo: retrieve the allowed HTML in a non-hardcoded way.
+          });
+        }
       });
     }
   }
diff --git a/core/modules/ckeditor/lib/Drupal/ckeditor/Plugin/editor/editor/CKEditor.php b/core/modules/ckeditor/lib/Drupal/ckeditor/Plugin/editor/editor/CKEditor.php
index 67fb912..4ae9708 100644
--- a/core/modules/ckeditor/lib/Drupal/ckeditor/Plugin/editor/editor/CKEditor.php
+++ b/core/modules/ckeditor/lib/Drupal/ckeditor/Plugin/editor/editor/CKEditor.php
@@ -111,6 +111,8 @@ public function settingsForm(array $form, array &$form_state, Editor $editor) {
         'plugins' => array(),
       ),
     ));
+    $default_settings = $this->getDefaultSettings();
+    $default_toolbar_buttons = $default_settings['toolbar']['buttons'];
     $form['hidden_ckeditor'] = array(
       '#markup' => '<div id="ckeditor-hidden" class="element-hidden" />',
       '#attached' => array(
@@ -119,6 +121,8 @@ public function settingsForm(array $form, array &$form_state, Editor $editor) {
             'type' => 'setting',
             'data' => array('ckeditor' => array(
               'hiddenCKEditorConfig' => $this->getJSSettings($fake_editor),
+              // #9
+              'defaulToolbarButtons' => $default_toolbar_buttons,
             )),
           ),
         ),