diff --git a/core/lib/Drupal/Core/Render/Renderer.php b/core/lib/Drupal/Core/Render/Renderer.php index 06f9c4f..c2957f5 100644 --- a/core/lib/Drupal/Core/Render/Renderer.php +++ b/core/lib/Drupal/Core/Render/Renderer.php @@ -246,9 +246,8 @@ protected function doRender(&$elements, $is_root_call = FALSE) { $elements['#children'] = ''; } - // @todo Simplify after https://drupal.org/node/2273925 if (isset($elements['#markup'])) { - $elements['#markup'] = SafeMarkup::set($elements['#markup']); + $elements['#markup'] = SafeMarkup::checkAdminXss($elements['#markup']); } // Assume that if #theme is set it represents an implemented hook. @@ -802,7 +801,7 @@ public function generateCachePlaceholder($callback, array &$context) { 'token' => Crypt::randomBytesBase64(55), ]; - return ''; + return SafeMarkup::set(''); } } diff --git a/core/modules/filter/src/Element/ProcessedText.php b/core/modules/filter/src/Element/ProcessedText.php index d007b5f..aedc714 100644 --- a/core/modules/filter/src/Element/ProcessedText.php +++ b/core/modules/filter/src/Element/ProcessedText.php @@ -8,6 +8,7 @@ namespace Drupal\filter\Element; use Drupal\Component\Utility\NestedArray; +use Drupal\Component\Utility\SafeMarkup; use Drupal\Core\Cache\Cache; use Drupal\Core\Render\BubbleableMetadata; use Drupal\Core\Render\Element\RenderElement; @@ -120,7 +121,7 @@ public static function preRenderText($element) { // Filtering done, store in #markup, set the updated bubbleable rendering // metadata, and set the text format's cache tag. - $element['#markup'] = $text; + $element['#markup'] = SafeMarkup::set($text); $metadata->applyTo($element); $element['#cache']['tags'] = Cache::mergeTags($element['#cache']['tags'], $format->getCacheTags()); diff --git a/core/modules/views/views.module b/core/modules/views/views.module index 23fd877..408e934 100644 --- a/core/modules/views/views.module +++ b/core/modules/views/views.module 
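Review bot: The `SafeMarkup::checkAdminXss()` call in doRender replaces the removed `@todo` with no comment, so the render-layer contract for `#markup` (presumably admin-level XSS filtering unless the string was already marked safe) is now implicit in a single call. Add above the `if (isset($elements['#markup']))` line: `// #markup that has not been marked safe is passed through the admin XSS filter; code that builds trusted HTML must mark it with SafeMarkup::set() before it reaches the renderer.` and state the same contract in the render API documentation for `#markup`. The test hunks in this diff still pass `#prefix` and `#suffix` as raw strings and nothing in this hunk filters them; if that asymmetry is intended, the same comment should say so. doRender's body continues outside the hunk.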
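Review bot: The `return SafeMarkup::set(...)` in generateCachePlaceholder asserts the whole placeholder string is safe HTML although it is built from caller-supplied input (the `$callback` name) next to the `Crypt::randomBytesBase64(55)` token. The placeholder markup itself has been stripped from this page, so I cannot confirm how `$callback` is interpolated; if it is placed in an attribute value it needs to be escaped, or validated against the known callbacks, before the string is marked safe. A one-line comment on the `return`, e.g. `// Safe: contains only the escaped callback name and a random token.`, would make that assumption visible to the next reader. The function's start is outside the hunk.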
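Review bot: preRenderText now wraps the filtered `$text` in `SafeMarkup::set()` without recording why the string is trusted, so a later refactor could move the call ahead of the filter run or drop it without noticing the dependency. Extend the existing comment to read `// Filtering done: the text format's filters are responsible for sanitising, so mark the result safe, store it in #markup, set the updated bubbleable rendering metadata, and set the text format's cache tag.`. Marking the result safe also means any HTML a format's filter chain leaves unescaped reaches the renderer verbatim, which appears to be the intended trust model for text formats but is worth stating. The function starts outside the hunk.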
@@ -10,6 +10,7 @@ */ use Drupal\Component\Utility\Html; +use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\String; use Drupal\Core\Cache\Cache; use Drupal\Core\Database\Query\AlterableInterface; @@ -25,6 +26,7 @@ use Drupal\views\Views; use Drupal\field\FieldConfigInterface; + /** * Implements hook_help(). */ @@ -674,7 +676,7 @@ function views_pre_render_views_form_views_form($element) { } // Apply substitutions to the rendered output. - $element['output'] = array('#markup' => str_replace($search, $replace, drupal_render($element['output']))); + $element['output'] = array('#markup' => SafeMarkup::set(str_replace($search, $replace, drupal_render($element['output'])))); // Sort, render and add remaining form fields. $children = Element::children($element, TRUE); diff --git a/core/tests/Drupal/Tests/Core/Render/RendererPostRenderCacheTest.php b/core/tests/Drupal/Tests/Core/Render/RendererPostRenderCacheTest.php index da9f232..a15fe45 100644 --- a/core/tests/Drupal/Tests/Core/Render/RendererPostRenderCacheTest.php +++ b/core/tests/Drupal/Tests/Core/Render/RendererPostRenderCacheTest.php @@ -416,7 +416,7 @@ public function testPlaceholder() { '#prefix' => '
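Review bot: In views_pre_render_views_form_views_form the added `SafeMarkup::set()` declares the output of `str_replace($search, $replace, drupal_render(...))` safe, which only holds if every `$replace` value is itself rendered or escaped markup; `$search` and `$replace` are built outside this hunk, so that cannot be confirmed here. If the replacements are rendered form elements, as the following `// Sort, render and add remaining form fields.` comment suggests, say so on the changed line: `// Safe: only rendered (already escaped) form elements are substituted into the rendered output.`; otherwise escape each replacement before substitution. The enclosing function starts outside the hunk.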
',
       '#suffix' => '
', ]; - $expected_output = '
' . $context['bar'] . '
'; + $expected_output = '
' . $context['bar'] . '
'; // #cache disabled. $element = $test_element; @@ -513,7 +513,7 @@ public function testChildElementPlaceholder() { '#suffix' => '' ], ]; - $expected_output = '
' . $context['bar'] . '
' . "\n"; + $expected_output = '
' . $context['bar'] . '
' . "\n"; // #cache disabled. $element = $test_element; diff --git a/core/tests/Drupal/Tests/Core/Render/RendererTest.php b/core/tests/Drupal/Tests/Core/Render/RendererTest.php index a53155f..4bd7639 100644 --- a/core/tests/Drupal/Tests/Core/Render/RendererTest.php +++ b/core/tests/Drupal/Tests/Core/Render/RendererTest.php @@ -77,6 +77,10 @@ public function providerTestRenderBasic() { $data[] = [[ 'child' => ['#markup' => 'bar'], ], 'bar']; + // XSS filtering test. + $data[] = [[ + 'child' => ['#markup' => 'This is test'], + ], 'This is alert(\'XSS\') test']; // #children set but empty, and renderable children. $data[] = [[ '#children' => '', diff --git a/core/tests/Drupal/Tests/Core/Render/RendererTestBase.php b/core/tests/Drupal/Tests/Core/Render/RendererTestBase.php index b4320c9..091c7fc 100644 --- a/core/tests/Drupal/Tests/Core/Render/RendererTestBase.php +++ b/core/tests/Drupal/Tests/Core/Render/RendererTestBase.php @@ -207,7 +207,7 @@ public static function callback(array $element, array $context) { public static function placeholder(array $element, array $context) { $placeholder = \Drupal::service('renderer')->generateCachePlaceholder(__NAMESPACE__ . '\\PostRenderCache::placeholder', $context); $replace_element = array( - '#markup' => '' . $context['bar'] . '', + '#markup' => '' . $context['bar'] . '', '#attached' => array( 'drupalSettings' => [ 'common_test' => $context,