diff -u b/core/lib/Drupal/Core/Template/TwigExtension.php b/core/lib/Drupal/Core/Template/TwigExtension.php
--- b/core/lib/Drupal/Core/Template/TwigExtension.php
+++ b/core/lib/Drupal/Core/Template/TwigExtension.php
@@ -348,18 +348,18 @@
 }
 
 /**
- * Provides way to escape URLs.
+ * Escapes URLs to HTML and strips them of dangerous protocols.
 *
 * @param \Twig_Environment $env
 * A Twig_Environment instance.
 * @param mixed $string
- * The value to be escaped.
+ * The URL.
 *
 * @return null|string
- * The escaped, rendered output, or NULL if there is no valid output.
+ * The sanitized, rendered output, or NULL if there is no valid output.
 */
 public function urlFilter($env, $string) {
- return $this->escapeFilter($env, UrlHelper::stripDangerousProtocols($string));
+ return Html::escape($env, UrlHelper::stripDangerousProtocols($string));
 }
 
 /**
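Review bot: The new `urlFilter()` body passes `$env` as the first argument to `Html::escape()`, but Drupal's `Html::escape($text)` takes only the text to escape, so the Twig environment object would be handed to the escaper and the protocol-stripped URL dropped as an ignored extra argument. The call should read `return Html::escape(UrlHelper::stripDangerousProtocols($string));`, and since the hunk shows no `use Drupal\Component\Utility\Html;` line, confirm the import exists in the file. Replacing `escapeFilter()` presumably also removes its handling of NULL and non-string values, while the docblock still declares `@param mixed` and `@return null|string`. Either narrow the documented contract to a string URL or keep a guard for those inputs so the filter never emits unescaped or unexpected output.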