diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index e1c15fe..effc583 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -1622,7 +1622,7 @@ function format_string($string, array $args = array()) {
  * @ingroup sanitization
  */
 function check_plain($text) {
-  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', FALSE);
 }
 
 /**
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
index dff85bd..2ca4e71 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
@@ -58,6 +58,10 @@ function testInvalidMultiByte() {
   function testEscaping() {
      $text = check_plain("<script>");
      $this->assertEqual($text, '&lt;script&gt;', 'check_plain() escapes &lt;script&gt;');
+  // Test that check_plain() is not double-escaping entities in strings.
+     $text = check_plain('&lt;<script>&gt;');
+     $this->assertEqual($text, '&lt;&lt;script&gt;&gt;', 'check_plain() does not double-escape entities in strings.');
+
      $text = check_plain('<>&"\'');
      $this->assertEqual($text, '&lt;&gt;&amp;&quot;&#039;', 'check_plain() escapes reserved HTML characters.');
   }
diff --git a/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php b/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php
index d4d7451..bddab7b 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php
@@ -509,6 +509,7 @@ function testMenuLinkOptions() {
       'options' => array(
         'attributes' => array(
           'title' => 'Test title attribute',
+          'data-test' => '&#xf007;',
         ),
         'query' => array(
           'testparam' => 'testvalue',
@@ -520,6 +521,7 @@ function testMenuLinkOptions() {
     // Load front page.
     $this->drupalGet('test-page');
     $this->assertRaw('title="Test title attribute"', 'Title attribute of a menu link renders.');
+    $this->assertRaw('data-test = "&#xf007;"', 'check_plain() does not double-escape entities in strings.');
     $this->assertRaw('testparam=testvalue', 'Query parameter added to menu link.');
   }
 
diff --git a/core/modules/system/lib/Drupal/system/Tests/System/ShutdownFunctionsTest.php b/core/modules/system/lib/Drupal/system/Tests/System/ShutdownFunctionsTest.php
index d3a160e..bec5fa8 100644
--- a/core/modules/system/lib/Drupal/system/Tests/System/ShutdownFunctionsTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/System/ShutdownFunctionsTest.php
@@ -41,6 +41,6 @@ function testShutdownFunctions() {
 
     // Make sure exceptions displayed through _drupal_render_exception_safe()
     // are correctly escaped.
-    $this->assertRaw('Drupal is &amp;lt;blink&amp;gt;awesome&amp;lt;/blink&amp;gt;.');
+    $this->assertRaw('Drupal is &lt;blink&gt;awesome&lt;/blink&gt;.');
   }
 }