diff --git a/core/modules/dblog/src/Controller/DbLogController.php b/core/modules/dblog/src/Controller/DbLogController.php
index 3e98512..9c5156e 100644
--- a/core/modules/dblog/src/Controller/DbLogController.php
+++ b/core/modules/dblog/src/Controller/DbLogController.php
@@ -7,6 +7,7 @@ namespace Drupal\dblog\Controller;
+use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Xss;
@@ -271,7 +272,7 @@ public function eventDetails($event_id) {
 ),
 array(
 array('data' => $this->t('Operations'), 'header' => TRUE),
- $dblog->link,
+ SafeMarkup::set($dblog->link),
 ),
 );
 $build['dblog_table'] = array(
diff --git a/core/modules/dblog/src/Tests/DbLogTest.php b/core/modules/dblog/src/Tests/DbLogTest.php
index 4dc37e4..c36af11 100644
--- a/core/modules/dblog/src/Tests/DbLogTest.php
+++ b/core/modules/dblog/src/Tests/DbLogTest.php
@@ -65,6 +65,7 @@ function testDbLog() {
 $this->verifyEvents();
 $this->verifyReports();
 $this->verifyBreadcrumbs();
+ $this->verifyLinkEscaping();
 // Login the regular user.
 $this->drupalLogin($this->any_user);
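Review bot: `SafeMarkup::set($dblog->link)` in the Operations row of `eventDetails` marks the stored `link` column as safe without filtering it, so whatever the original logging call put into `watchdog.link` is rendered verbatim on the event detail page. Where that value is written is outside this hunk, but the logger context array is filled by arbitrary calling code, so any module that includes unescaped request data in `link` would turn this admin-only page into a stored-XSS sink; the previous code at least had the autoescape layer in front of it. Since `Xss` is already imported in this file (first hunk), filtering rather than blanket-trusting keeps a legitimate anchor renderable while stripping dangerous markup: `Xss::filterAdmin($dblog->link),` (whether that result still needs to be marked safe depends on the `Xss` implementation at this revision, which is not visible here). The accompanying test only asserts that the plain string `View` is present, which both variants satisfy, so it does not pin the difference. `eventDetails` begins and ends outside the hunk.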
@@ -218,6 +219,35 @@ private function verifyEvents() {
 }
 /**
+ * Test the escaping of links in the operation row of a database log detail
+ * page.
+ */
+ private function verifyLinkEscaping() {
+ global $base_root;
+ $link = 'View';
+ $log = array(
+ 'channel' => 'custom',
+ 'message' => 'Log entry added to do the verifyLinkEscaping test.',
+ 'variables' => array(),
+ 'severity' => WATCHDOG_NOTICE,
+ 'link' => $link,
+ 'user' => $this->big_user,
+ 'uid' => $this->big_user->id(),
+ 'request_uri' => $base_root . request_uri(),
+ 'referer' => \Drupal::request()->server->get('HTTP_REFERER'),
+ 'ip' => '127.0.0.1',
+ 'timestamp' => REQUEST_TIME,
+ );
+ // Add a watchdog entry.
+ $this->container->get('logger.dblog')->log($log['severity'], $log['message'], $log);
+ $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1);
+ $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField());
+
+ // Check if the link exists (unescaped).
+ $this->assertRaw($link);
+ }
+
+ /**
 * Generates and then verifies some user events.
 */
 private function doUser() {
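Review bot: The final assertion in `verifyLinkEscaping` cannot fail for an escaping bug: as shown, `$link` is the bare word `View`, which contains nothing an HTML escaper would change, so `$this->assertRaw($link)` passes whether the Operations cell is escaped, double-escaped or emitted raw (if `<a>` markup around `View` was lost when this diff was rendered, disregard this part). To actually exercise the `eventDetails` change, log a link that carries real markup and assert both directions, e.g. `$link = '<a href="/a">View</a>';` with `$this->assertRaw($link);`, then a second entry whose `link` contains `<script>alert(1)</script>` followed by `$this->assertNoRaw('<script>');`, so the test also documents that `link` must not become a stored-XSS sink for administrators. Selecting the newest `wid` with `ORDER BY wid DESC` pairs the assertion with whichever entry was written last, so the negative-case entry should be looked up the same way immediately after it is logged.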