reverted: --- b/core/lib/Drupal/Component/Utility/PlaceholderTrait.php
+++ a/core/lib/Drupal/Component/Utility/PlaceholderTrait.php
@@ -56,14 +56,6 @@
 $args[$key] = Html::escape(UrlHelper::stripDangerousProtocols($value));
 break;
- case ':':
- // URL attributes must be escaped unconditionally (even if they were
- // already marked safe) since content that has been filtered for XSS
- // can still contain characters that are unsafe for use in attributes.
- // @todo decide what to do about non-URL attribute values (#2570431)
- $args[$key] = Html::escape(UrlHelper::stripDangerousProtocols($value));
- break;
-
 case '!':
 // Pass-through.
 if (!SafeMarkup::isSafe($value)) {
reverted: --- b/core/modules/responsive_image/src/ResponsiveImageStyleForm.php
+++ a/core/modules/responsive_image/src/ResponsiveImageStyleForm.php
@@ -118,7 +118,7 @@
 );
 $image_style_mapping = $responsive_image_style->getImageStyleMapping($breakpoint_id, $multiplier);
 if (\Drupal::moduleHandler()->moduleExists('help')) {
+ $description = $this->t('See the Responsive Image help page for information on the sizes attribute.', array('!responsive_image_help' => (\Drupal::url('help.page', array('name' => 'responsive_image')))));
- $description = $this->t('See the Responsive Image help page for information on the sizes attribute.', array(':responsive_image_help' => (\Drupal::url('help.page', array('name' => 'responsive_image')))));
 }
 else {
 $description = $this->t('Enable the Help module for more information on the sizes attribute.');
reverted: --- b/core/modules/system/src/Form/CronForm.php
+++ a/core/modules/system/src/Form/CronForm.php
@@ -107,7 +107,7 @@
 );
 $form['cron_url'] = array(
+ '#markup' => '
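Review bot: After this revert the href values in ResponsiveImageStyleForm (`!responsive_image_help`), CronForm (`!cron`) and PerformanceForm (`!file-system`) go through the `!` pass-through branch of PlaceholderTrait, whose only check in view is `SafeMarkup::isSafe($value)`; unlike the removed `:` case it neither calls `UrlHelper::stripDangerousProtocols()` nor escapes a value that is already marked safe before it lands in an attribute. All three values come from the route URL generator (`$this->url()` / `\Drupal::url()`), so the actual exposure hinges on whether those strings are ever marked safe and on how the rest of the `!` branch, outside the hunk, treats unsafe values — worth confirming rather than assuming. A short comment at each call site, e.g. `// !-placeholder: value is a generated route URL, not user input; do not reuse for externally supplied hrefs.`, would keep the pattern from being copied to user-controlled URLs. The `!` branch body and the surrounding switch continue outside the hunk.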

' . t('To run cron from outside the site, go to !cron', array('!cron' => $this->url('system.cron', array('key' => $this->state->get('system.cron_key')), array('absolute' => TRUE)))) . '

', - '#markup' => '

' . t('To run cron from outside the site, go to :cron', array(':cron' => $this->url('system.cron', array('key' => $this->state->get('system.cron_key')), array('absolute' => TRUE)))) . '

',
 );
 $form['cron'] = array(
reverted: --- b/core/modules/system/src/Form/PerformanceForm.php
+++ a/core/modules/system/src/Form/PerformanceForm.php
@@ -141,7 +141,7 @@
 $disabled = !$is_writable;
 $disabled_message = '';
 if (!$is_writable) {
+ $disabled_message = ' ' . t('Set up the public files directory to make these optimizations available.', array('!file-system' => $this->url('system.file_system_settings')));
- $disabled_message = ' ' . t('Set up the public files directory to make these optimizations available.', array(':file-system' => $this->url('system.file_system_settings')));
 }
 $form['bandwidth_optimization'] = array(
reverted: --- b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
+++ a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
@@ -32,16 +32,6 @@
 /**
- * {@inheritdoc}
- */
- protected function tearDown() {
- parent::tearDown();
-
- UrlHelper::setAllowedProtocols(['http', 'https']);
- }
-
-
- /**
 * Helper function to add a string to the safe list for testing.
 *
 * @param string $string 
@@ -258,20 +248,6 @@
 $tests['non-url-with-colon'] = ['Hey giraffe MUUUH', [':url' => "llamas: they are not URLs"], 'Hey giraffe MUUUH', '', TRUE];
 $tests['non-url-with-html'] = ['Hey giraffe MUUUH', [':url' => "not a url"], 'Hey giraffe MUUUH', '', TRUE];
- $tests['javascript-protocol-url'] = ['Simple text giraffe', [':url' => 'javascript://example.com?foo&bar'], 'Simple text giraffe', 'Support for filtering bad protocols', TRUE];
- $tests['external-url'] = ['Simple text giraffe', [':url' => 'http://example.com?foo&bar'], 'Simple text giraffe', 'Support for filtering bad protocols', TRUE];
- $tests['relative-url'] = ['Simple text giraffe', [':url' => '/node/1?foo&bar'], 'Simple text giraffe', 'Support for filtering bad protocols', TRUE];
- $tests['fragment-with-special-chars'] = ['Simple text giraffe', [':url' => 'http://example.com/#<'], 'Simple text giraffe', 'Support for filtering bad protocols', TRUE];
- $tests['mailto-protocol'] = ['Hey giraffe MUUUH', [':url' => 'mailto:test@example.com'], 'Hey giraffe MUUUH', '', TRUE];
- $tests['js-with-fromCharCode'] = ['Hey giraffe MUUUH', [':url' => "javascript:alert(String.fromCharCode(88,83,83))"], 'Hey giraffe MUUUH', '', TRUE];
-
- // Test some "URL" values that are not RFC 3986 compliant URLs. The result
- // of SafeMarkup::format() should still be valid HTML (other than the
- // value of the "href" attribute not being a valid URL), and not
- // vulnerable to XSS.
- $tests['non-url-with-colon'] = ['Hey giraffe MUUUH', [':url' => "llamas: they are not URLs"], 'Hey giraffe MUUUH', '', TRUE];
- $tests['non-url-with-html'] = ['Hey giraffe MUUUH', [':url' => "not a url"], 'Hey giraffe MUUUH', '', TRUE];
-
 return $tests;
 }
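Review bot: The two context lines at the top of the hunk (`$tests['non-url-with-colon']`, `$tests['non-url-with-html']`) still pass a `':url'` placeholder key even though this same revert removes the `:` case from PlaceholderTrait; with no matching case in view, what `SafeMarkup::format()` does with that value depends on the trait's `default` branch outside the diff, so these two data sets no longer test the attribute-escaping path their names describe. They should either go with the `:url` sets removed below them or be rewritten against a placeholder prefix the trait still handles. With the `javascript:` and `String.fromCharCode` data sets gone, nothing left in view feeds a dangerous-protocol value through any placeholder, so a replacement data set for the remaining prefixes would restore that coverage. The data-provider method starts outside the hunk.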