diff --git a/core/modules/dblog/src/Controller/DbLogController.php b/core/modules/dblog/src/Controller/DbLogController.php
index fd77c64..67fdd28 100644
--- a/core/modules/dblog/src/Controller/DbLogController.php
+++ b/core/modules/dblog/src/Controller/DbLogController.php
@@ -230,6 +230,7 @@ public function overview() {
    * @return array
    *   If the ID is located in the Database Logging table, a build array in the
    *   format expected by drupal_render();
+   *
    */
   public function eventDetails($event_id) {
     $build = array();
@@ -360,7 +361,7 @@ public function formatMessage($row) {
     else {
       $message = FALSE;
     }
-    return $message;
+    return ($message) ? Xss::filterAdmin($message) : FALSE;
   }
 
   /**
diff --git a/core/modules/dblog/src/Tests/DbLogTest.php b/core/modules/dblog/src/Tests/DbLogTest.php
index 5f263db..28edfaa 100644
--- a/core/modules/dblog/src/Tests/DbLogTest.php
+++ b/core/modules/dblog/src/Tests/DbLogTest.php
@@ -52,12 +52,7 @@ protected function setUp() {
     $this->drupalPlaceBlock('system_breadcrumb_block');
 
     // Create users with specific permissions.
-    $this->adminUser = $this->drupalCreateUser(array(
-      'administer site configuration',
-      'access administration pages',
-      'access site reports',
-      'administer users',
-    ));
+    $this->adminUser = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports', 'administer users'));
     $this->webUser = $this->drupalCreateUser(array());
   }