diff --git a/core/modules/system/src/Tests/Menu/BreadcrumbTest.php b/core/modules/system/src/Tests/Menu/BreadcrumbTest.php
index ea55662..e762c1f 100644
--- a/core/modules/system/src/Tests/Menu/BreadcrumbTest.php
+++ b/core/modules/system/src/Tests/Menu/BreadcrumbTest.php
@@ -362,6 +362,11 @@ function testBreadCrumbs() {
     $trail += array('admin/reports' => t('Reports'));
     $this->assertBreadcrumb('admin/reports/dblog', $trail, t('Recent log messages'));
     $this->assertNoResponse(403);
+
+    // Ensure that the breadcrumb is safe against XSS.
+    $this->drupalGet('menu-test/breadcrumb1/breadcrumb2/breadcrumb3');
+    $this->assertRaw('<script>alert(12);</script>');
+    $this->assertRaw(String::checkPlain('<script>alert(123);</script>'));
   }
 
 }
diff --git a/core/modules/system/tests/modules/menu_test/menu_test.routing.yml b/core/modules/system/tests/modules/menu_test/menu_test.routing.yml
index 7e6984d..d5fbeca 100644
--- a/core/modules/system/tests/modules/menu_test/menu_test.routing.yml
+++ b/core/modules/system/tests/modules/menu_test/menu_test.routing.yml
@@ -367,3 +367,27 @@ menu_test.custom:
     _content: '\Drupal\menu_test\Controller\MenuTestController::menuTestCallback'
   requirements:
     _access: 'TRUE'
+
+menu_test.breadcrumb1:
+  path: '/menu-test/breadcrumb1'
+  defaults:
+    _content: '\Drupal\menu_test\Controller\MenuTestController::menuTestCallback'
+    _title: '<script>alert(12);</script>'
+  requirements:
+    _access: 'TRUE'
+
+menu_test.breadcrumb2:
+  path: '/menu-test/breadcrumb1/breadcrumb2'
+  defaults:
+    _content: '\Drupal\menu_test\Controller\MenuTestController::menuTestCallback'
+    _title_callback: '\Drupal\menu_test\Controller\MenuTestController::breadcrumbTitleCallback'
+  requirements:
+    _access: 'TRUE'
+
+menu_test.breadcrumb3:
+  path: '/menu-test/breadcrumb1/breadcrumb2/breadcrumb3'
+  defaults:
+    _content: '\Drupal\menu_test\Controller\MenuTestController::menuTestCallback'
+    _title: 'Normal title'
+  requirements:
+    _access: 'TRUE'
diff --git a/core/modules/system/tests/modules/menu_test/src/Controller/MenuTestController.php b/core/modules/system/tests/modules/menu_test/src/Controller/MenuTestController.php
index 5658582..05b4333 100644
--- a/core/modules/system/tests/modules/menu_test/src/Controller/MenuTestController.php
+++ b/core/modules/system/tests/modules/menu_test/src/Controller/MenuTestController.php
@@ -43,4 +43,13 @@ public function themePage($inherited) {
     return menu_test_theme_page_callback($inherited);
   }
 
+  /**
+   * A title callback for XSS breadcrumb check.
+   *
+   * @return string
+   */
+  public function breadcrumbTitleCallback() {
+    return '<script>alert(123);</script>';
+  }
+
 }