diff --git a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
index 9e5372f..78c1d46 100644
--- a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
+++ b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
@@ -195,6 +195,25 @@ public function buildForm(array $form, FormStateInterface $form_state, Request $
   /**
    * {@inheritdoc}
    */
+  public function validateForm(array &$form, FormStateInterface $form_state) {
+    $form_values = $form_state->getValue(array('translation', 'config_names'));
+    foreach ($this->mapper->getConfigNames() as $name) {
+      foreach ($form_values[$name] as $key => $value) {
+        // Check that the submitted config value is safe.
+        if (is_string($value) && !locale_string_is_safe($value)) {
+          // Retrieve field label and name attribute.
+          $label = $form['config_names'][$name][$key]['translation']['#title'];
+          $field_name = $form['config_names'][$name][$key]['translation']['#name'];
+          // Field value is not safe, display error.
+          $form_state->setErrorByName($field_name, $this->t('The submitted %label value contains disallowed HTML', array('%label' => $label)));
+        }
+      }
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
   public function submitForm(array &$form, FormStateInterface $form_state) {
     $form_values = $form_state->getValue(array('translation', 'config_names'));