diff --git a/core/modules/color/color.module b/core/modules/color/color.module
index f5622c8..c664570 100644
--- a/core/modules/color/color.module
+++ b/core/modules/color/color.module
@@ -284,7 +284,7 @@ function template_preprocess_color_scheme_form(&$variables) {
 
   // Attempt to load preview HTML if the theme provides it.
   $preview_html_path = \Drupal::root() . '/' . (isset($info['preview_html']) ? drupal_get_path('theme', $theme) . '/' . $info['preview_html'] : drupal_get_path('module', 'color') . '/preview.html');
-  $variables['html_preview'] = SafeMarkup::set(file_get_contents($preview_html_path));
+  $variables['html_preview'] = SafeMarkup::checkAdminXss(file_get_contents($preview_html_path));
 }
 
 /**
diff --git a/core/modules/color/tests/modules/color_test/themes/color_test_theme/color/color.inc b/core/modules/color/tests/modules/color_test/themes/color_test_theme/color/color.inc
index bf0affe..b88e8ea 100644
--- a/core/modules/color/tests/modules/color_test/themes/color_test_theme/color/color.inc
+++ b/core/modules/color/tests/modules/color_test/themes/color_test_theme/color/color.inc
@@ -29,4 +29,5 @@
   'css' => array(
     'css/colors.css',
   ),
+  'preview_html' => 'color/preview.html',
 );