diff --git a/core/lib/Drupal/Core/Template/Attribute.php b/core/lib/Drupal/Core/Template/Attribute.php
index 3ea18b1..3ce6900 100644
--- a/core/lib/Drupal/Core/Template/Attribute.php
+++ b/core/lib/Drupal/Core/Template/Attribute.php
@@ -251,14 +251,15 @@ public function hasClass($class) {
 * Implements the magic __toString() method.
 */
 public function __toString() {
- $return = '';
+ $return = array();
+ /** @var \Drupal\Core\Template\AttributeValueBase $value */
 foreach ($this->storage as $name => $value) {
- $rendered = $value->render();
- if ($rendered) {
- $return .= ' ' . $rendered;
- }
+ $return[] = $value->render();
 }
- return SafeMarkup::set($return);
+ // The implementations of AttributeValueBase::render() call
+ // htmlspecialchars() on the attribute name and value so we are confident
+ // that the return value can be set as safe.
+ return SafeMarkup::set(implode(' ', $return));
 }
 /**
diff --git a/core/lib/Drupal/Core/Template/AttributeArray.php b/core/lib/Drupal/Core/Template/AttributeArray.php
index 4cdd932..9cd3915 100644
--- a/core/lib/Drupal/Core/Template/AttributeArray.php
+++ b/core/lib/Drupal/Core/Template/AttributeArray.php
@@ -76,7 +76,7 @@ public function offsetExists($offset) {
 public function __toString() {
 // Filter out any empty values before printing.
 $this->value = array_unique(array_filter($this->value));
- return SafeMarkup::checkPlain(implode(' ', $this->value));
+ return htmlspecialchars(implode(' ', $this->value), ENT_QUOTES, 'UTF-8');
 }
 /**
diff --git a/core/lib/Drupal/Core/Template/AttributeBoolean.php b/core/lib/Drupal/Core/Template/AttributeBoolean.php
index a2e5c02..7ff67ae 100644
--- a/core/lib/Drupal/Core/Template/AttributeBoolean.php
+++ b/core/lib/Drupal/Core/Template/AttributeBoolean.php
@@ -7,8 +7,6 @@
 namespace Drupal\Core\Template;
-use Drupal\Component\Utility\SafeMarkup;
-
 /**
 * A class that defines a type of boolean HTML attribute.
 *
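Review bot: The rewritten loop in `__toString()` no longer skips empty results from `render()` and no longer emits the leading space the removed `' ' . $rendered` lines produced, so the output changes from ` class="a" id="b"` to `class="a" id="b"`, and an attribute for which `render()` returns nothing now leaves a doubled space in the `implode(' ', ...)` result. If any template interpolates the object directly after a tag name, which the old leading space suggests, this is a rendering regression rather than a pure refactor. Keeping the `if ($rendered)` guard and prefixing the joined string with a space only when it is non-empty preserves the previous output while keeping the array form; the unused `$name` loop key can go at the same time. The new comment justifying `SafeMarkup::set()` holds only while every AttributeValueBase subclass escapes its value in `__toString()`, since `render()` interpolates `(string) $this` as-is, and that invariant is worth stating in the comment.

```php
  public function __toString() {
    $return = array();
    /** @var \Drupal\Core\Template\AttributeValueBase $value */
    foreach ($this->storage as $value) {
      $rendered = $value->render();
      // render() returns nothing for attributes that must not be printed;
      // skip them so implode() does not emit doubled spaces.
      if ($rendered) {
        $return[] = $rendered;
      }
    }
    // … unchanged: comment justifying SafeMarkup::set() …
    return SafeMarkup::set($return ? ' ' . implode(' ', $return) : '');
  }
```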
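Review bot: The same `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` call is now hand-written in four places (this hunk and the `__toString()` / `render()` hunks of AttributeBoolean, AttributeString and AttributeValueBase), so the escaping flags can drift between them; a single protected helper on AttributeValueBase, e.g. `protected static function escape($string) { return htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); }`, would leave one place to audit. Without ENT_SUBSTITUTE, htmlspecialchars() returns '' for input containing invalid UTF-8, so one malformed class name silently drops the entire attribute value; if that is the intended behaviour inherited from checkPlain(), say so next to the call, e.g. `// htmlspecialchars() returns '' on invalid UTF-8, deliberately dropping the value.`. The `array_filter()` on the preceding context line also removes a class literally named '0'; that is pre-existing, but a one-line comment noting it would help while this method is being touched.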
@@ -42,7 +40,7 @@ public function render() {
 * Implements the magic __toString() method.
 */
 public function __toString() {
- return $this->value === FALSE ? '' : SafeMarkup::checkPlain($this->name);
+ return $this->value === FALSE ? '' : htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8');
 }
 }
diff --git a/core/lib/Drupal/Core/Template/AttributeString.php b/core/lib/Drupal/Core/Template/AttributeString.php
index 51b1448..2dff59b 100644
--- a/core/lib/Drupal/Core/Template/AttributeString.php
+++ b/core/lib/Drupal/Core/Template/AttributeString.php
@@ -7,8 +7,6 @@
 namespace Drupal\Core\Template;
-use Drupal\Component\Utility\SafeMarkup;
-
 /**
 * A class that represents most standard HTML attributes.
 *
@@ -30,7 +28,7 @@ class AttributeString extends AttributeValueBase {
 * Implements the magic __toString() method.
 */
 public function __toString() {
- return SafeMarkup::checkPlain($this->value);
+ return htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8');
 }
 }
diff --git a/core/lib/Drupal/Core/Template/AttributeValueBase.php b/core/lib/Drupal/Core/Template/AttributeValueBase.php
index 4db6dd8..c037004 100644
--- a/core/lib/Drupal/Core/Template/AttributeValueBase.php
+++ b/core/lib/Drupal/Core/Template/AttributeValueBase.php
@@ -7,8 +7,6 @@
 namespace Drupal\Core\Template;
-use Drupal\Component\Utility\SafeMarkup;
-
 /**
 * Defines the base class for an attribute type.
 *
@@ -57,7 +55,7 @@ public function __construct($name, $value) {
 public function render() {
 $value = (string) $this;
 if (isset($this->value) && static::RENDER_EMPTY_ATTRIBUTE || !empty($value)) {
- return SafeMarkup::checkPlain($this->name) . '="' . $value . '"';
+ return htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8') . '="' . $value . '"';
 }
 }
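Review bot: The new line in `render()` escapes `$this->name` but concatenates `$value` (taken from `(string) $this` two lines above) into the attribute unescaped, so the whole chain, including the `SafeMarkup::set()` in Attribute::__toString(), depends on every subclass's `__toString()` escaping its value, and that contract is not documented anywhere in the hunk. Add it to the docblock of render(), and to the abstract `__toString()` if one is declared outside this hunk: `@return string|null The attribute as name="value" with both parts HTML-escaped, or NULL when it must not be printed; subclasses MUST escape in __toString(), since the value is interpolated here as-is.` On the context line above, `!empty($value)` is also false for the string '0', so a non-RENDER_EMPTY_ATTRIBUTE value of 0 is not rendered at all; that is pre-existing, but deserves either a fix (`$value !== ''`) or a comment saying it is intended. The same condition mixes `&&` and `||` without parentheses; `(isset($this->value) && static::RENDER_EMPTY_ATTRIBUTE) || !empty($value)` would make the intended precedence explicit.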