diff --git a/core/modules/update/update.module b/core/modules/update/update.module
index 4aed1ef..8077575 100644
--- a/core/modules/update/update.module
+++ b/core/modules/update/update.module
@@ -459,6 +459,11 @@ function update_mail($key, &$message, $params) {
  * site-wide status report at admin/reports/status and in the body of the
  * notification email messages generated by update_cron().
  *
+ * @todo With https://www.drupal.org/node/2505499 return a render array to be
+ *   used in hook_requirements. This would allow [#markup => $text] to be passed
+ *   back and \Drupal\Core\Render\Renderer\renderPlain() can be used for the
+ *   email message.
+ *
  * @param $msg_type
  *   String to indicate what kind of message to generate. Can be either 'core'
  *   or 'contrib'.
@@ -532,15 +537,16 @@ function _update_message_text($msg_type, $msg_reason, $report_link = FALSE, $lan
   }
   if ($report_link) {
     if (update_manager_access()) {
-      $text .= ' ' . t('See the <a href="@available_updates">available updates</a> page for more information and to install your missing updates.', array('@available_updates' => \Drupal::url('update.report_update', [], ['language' => $language])), array('langcode' => $langcode));
+      $available_updates_text = t('See the <a href="@available_updates">available updates</a> page for more information and to install your missing updates.', array('@available_updates' => \Drupal::url('update.report_update', [], ['language' => $language])), array('langcode' => $langcode));
     }
     else {
-      $text .= ' ' . t('See the <a href="@available_updates">available updates</a> page for more information.', array('@available_updates' => \Drupal::url('update.status', [], ['language' => $language])), array('langcode' => $langcode));
+      $available_updates_text = t('See the <a href="@available_updates">available updates</a> page for more information.', array('@available_updates' => \Drupal::url('update.status', [], ['language' => $language])), array('langcode' => $langcode));
     }
+    return SafeMarkup::format('@text @available_updates_text', ['@text' => $text, '@available_updates_text' => $available_updates_text]);
   }
 
-  // All strings are t() and empty space concatenated so return SafeMarkup.
-  return SafeMarkup::set($text);
+  // Anything in $text has been run through t() and marked as safe.
+  return $text;
 }
 
 /**