diff --git a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
index 9e5372f..5cb2d1b 100644
--- a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
+++ b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
@@ -195,6 +195,40 @@ public function buildForm(array $form, FormStateInterface $form_state, Request $
 /**
 * {@inheritdoc}
 */
+ public function validateForm(array &$form, FormStateInterface $form_state) {
+ $form_values = $form_state->getValue(array('translation', 'config_names'));
+ foreach ($this->mapper->getConfigNames() as $name) {
+ foreach ($form_values[$name] as $key => $value) {
+ // Assume submitted value is safe unless otherwise determined.
+ $is_safe = TRUE;
+ // Is the submitted value an array?
+ if (is_array($value)) {
+ // Walk through the array to check each value.
+ array_walk_recursive($value, function(&$item) use (&$is_safe) {
+ // If is a string and not safe.
+ if (is_string($item) && !locale_string_is_safe($item)) {
+ $is_safe = FALSE;
+ }
+ });
+ }
+ // If is a string value, check if it is not safe.
+ elseif (is_string($value) && !locale_string_is_safe($value)) {
+ $is_safe = FALSE;
+ }
+ // Is the submitted value deemed not safe?
+ if (!$is_safe) {
+ // Retrieve field label and name attribute.
+ $field_name = 'translation[config_names][' . $name . '][' . $key;
+ // Field value is not safe, display error.
+ $form_state->setErrorByName($field_name, $this->t('The submitted string contains disallowed HTML.'));
+ }
+ }
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 public function submitForm(array &$form, FormStateInterface $form_state) {
 $form_values = $form_state->getValue(array('translation', 'config_names'));
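Review bot: The error key built in validateForm(), `'translation[config_names][' . $name . '][' . $key`, is in HTML name-attribute form and has no closing bracket, whereas setErrorByName() expects the element's #parents joined with `][`. The submission should still be rejected, since an error is recorded either way, but no field is marked, so a translator cannot tell which string failed the locale_string_is_safe() check. Assuming the elements' parents are translation / config_names / name / key, `$field_name = implode('][', array('translation', 'config_names', $name, $key));` would attach the error to the field. `$form_values[$name]` is also iterated without checking that it is an array, which appears to raise a PHP warning for a config name that has no submitted values; `if (empty($form_values[$name]) || !is_array($form_values[$name])) { continue; }` at the top of the outer loop would cover that.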