diff --git a/core/lib/Drupal/Component/Utility/Xss.php b/core/lib/Drupal/Component/Utility/Xss.php
index 4c6e812..cf39407 100644
--- a/core/lib/Drupal/Component/Utility/Xss.php
+++ b/core/lib/Drupal/Component/Utility/Xss.php
@@ -43,6 +43,9 @@ class Xss {
 * can cause an XSS attack.
 * @param array $html_tags
 * An array of HTML tags.
+ * @param bool $set_safe_markup
+ * (optional) Defaults to TRUE and calls SafeMarkup::set() on result before
+ * returning it.
 *
 * @return string
 * An XSS safe version of $string, or an empty string if $string is not
@@ -53,7 +56,7 @@ class Xss {
 *
 * @ingroup sanitization
 */
- public static function filter($string, $html_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
+ public static function filter($string, $html_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'), $set_safe_markup = TRUE) {
 // Only operate on valid UTF-8 strings. This is necessary to prevent cross
 // site scripting issues on Internet Explorer 6.
 if (!Unicode::validateUtf8($string)) {
@@ -83,7 +86,7 @@ public static function filter($string, $html_tags = array('a', 'em', 'strong', '
 // for output. All other known XSS vectors have been filtered out by this
 // point and any HTML tags remaining will have been deliberately allowed, so
 // it is acceptable to call SafeMarkup::set() on the resultant string.
- return SafeMarkup::set(preg_replace_callback('%
+ $markup = preg_replace_callback('%
 (
 <(?=[^a-zA-Z!/]) # a lone <
 | # or
@@ -92,7 +95,9 @@ public static function filter($string, $html_tags = array('a', 'em', 'strong', '
 <[^>]*(>|$) # a string that starts with a <, up until the > or the end of the string
 | # or
 > # just a >
- )%x', $splitter, $string));
+ )%x', $splitter, $string);
+
+ return $set_safe_markup ? SafeMarkup::set($markup) : $markup;
 }
 /**
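Review bot: The new `@param bool $set_safe_markup` text describes only the TRUE case; it should tell callers what FALSE means for the return value, since that is the whole reason the flag exists. Suggested wording: `(optional) When TRUE (the default) the result is passed through SafeMarkup::set() before being returned. When FALSE the filtered string is returned without being marked safe, and the caller is responsible for marking or escaping it after any further processing (for example truncation).` The `@return string` description a few lines below still reads as if the result were always marked safe; it could add that this only holds when $set_safe_markup is TRUE.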
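Review bot: The context comment directly above the new `$markup =` assignment (`it is acceptable to call SafeMarkup::set() on the resultant string`) still describes the unconditional call that this hunk removes, and together with the conditional return in the following hunk it now misleads a reader about the FALSE branch. Reword it along the lines of `so the result may be marked safe via SafeMarkup::set(); this is skipped when $set_safe_markup is FALSE, in which case the caller marks the string after its own further processing.` The body of filter() begins outside this hunk.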
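Review bot: In the FALSE branch the new `return $set_safe_markup ? SafeMarkup::set($markup) : $markup;` hands back whatever preg_replace_callback() produced, and that function returns NULL rather than a string when PCRE fails (for instance when the backtrack limit is exceeded on a long input), so a caller that continues to process the result would receive NULL although the docblock promises a string. The TRUE branch had the same exposure before this change, so this is pre-existing, but it is cheap for a sanitizer to fail closed here: `if ($markup === NULL) { return ''; }` before the return, which matches the empty-string contract the docblock already gives for invalid UTF-8. The closing brace of filter() is visible at the end of the hunk; its start is outside it.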
diff --git a/core/modules/dblog/src/Controller/DbLogController.php b/core/modules/dblog/src/Controller/DbLogController.php
index 2e2eccf..1582878 100644
--- a/core/modules/dblog/src/Controller/DbLogController.php
+++ b/core/modules/dblog/src/Controller/DbLogController.php
@@ -185,9 +185,7 @@ public function overview() {
 $message = $this->formatMessage($dblog);
 if ($message && isset($dblog->wid)) {
 // Truncate link_text to 56 chars of message.
- // @todo Reevaluate the SafeMarkup::set() in
- // https://www.drupal.org/node/2399261.
- $log_text = SafeMarkup::set(Unicode::truncate(Xss::filter($message, array()), 56, TRUE, TRUE));
+ $log_text = Xss::filter(Unicode::truncate(Xss::filter($message, array(), FALSE), 56, TRUE, TRUE), array());
 $message = $this->l($log_text, new Url('dblog.event', array('event_id' => $dblog->wid), array(
 'attributes' => array(
 // Provide a title for the link for useful hover hints.
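Review bot: The new `$log_text` line nests three calls with bare positional `array()`, `FALSE` and `TRUE, TRUE` arguments, which hides why the text is filtered twice and runs well past Drupal's 80-character line limit. Splitting it into named steps makes the intent readable: `$plain = Xss::filter($message, array(), FALSE);`, `$truncated = Unicode::truncate($plain, 56, TRUE, TRUE);`, `$log_text = Xss::filter($truncated, array());`, with a comment before the last line such as `// Truncation may cut through an HTML entity; filter the shortened text again so any fragment is neutralised and the string is marked safe only after truncation.` That comment presumes Xss::filter() re-encodes a partial entity left by the cut (e.g. a truncated `&amp;`); worth confirming against the filter before relying on it. overview() begins and ends outside this hunk.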