diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index 9d651e3..fb53987 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -1243,7 +1243,7 @@ function template_preprocess_file_link(&$variables) {
   $variables['attributes'] = new Attribute($variables['attributes']);
   $variables['attributes']->addClass($classes);
 
-  $variables['link'] = \Drupal::linkGenerator()->generate($link_text, Url::fromUri($url, $options));
+  $variables['link'] = \Drupal::l($link_text, $url, $options);
 }
 
 /**
diff --git a/core/modules/system/src/Tests/Common/UrlTest.php b/core/modules/system/src/Tests/Common/UrlTest.php
index e924464..92342d2 100644
--- a/core/modules/system/src/Tests/Common/UrlTest.php
+++ b/core/modules/system/src/Tests/Common/UrlTest.php
@@ -32,7 +32,12 @@ class UrlTest extends WebTestBase {
    * Confirms that invalid URLs are filtered in link generating functions.
    */
   function testLinkXSS() {
+    // Test _l().
+    $text = $this->randomMachineName();
     $path = "<SCRIPT>alert('XSS')</SCRIPT>";
+    $link = _l($text, $path);
+    $sanitized_path = check_url(_url($path));
+    $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by _l().', array('@path' => $path)));
 
     // Test _url().
     $link = _url($path);