diff --git a/core/lib/Drupal/Core/Render/Renderer.php b/core/lib/Drupal/Core/Render/Renderer.php
index e0253b6..5266970 100644
--- a/core/lib/Drupal/Core/Render/Renderer.php
+++ b/core/lib/Drupal/Core/Render/Renderer.php
@@ -233,9 +233,8 @@ protected function doRender(&$elements, $is_root_call = FALSE) {
       $elements['#children'] = '';
     }
 
-    // @todo Simplify after https://drupal.org/node/2273925
     if (isset($elements['#markup'])) {
-      $elements['#markup'] = SafeMarkup::set($elements['#markup']);
+      $elements['#markup'] = SafeMarkup::checkAdminXss($elements['#markup']);
     }
 
     // Assume that if #theme is set it represents an implemented hook.
diff --git a/core/modules/system/src/Tests/Common/RenderTest.php b/core/modules/system/src/Tests/Common/RenderTest.php
index b137d19..948cc19 100644
--- a/core/modules/system/src/Tests/Common/RenderTest.php
+++ b/core/modules/system/src/Tests/Common/RenderTest.php
@@ -95,6 +95,13 @@ function testDrupalRenderBasics() {
         ),
         'expected' => '',
       ),
+      array(
+        'name' => 'XSS filtered',
+        'value' => array(
+          '#markup' => 'This is <script>alert(\'XSS\')</script> test',
+        ),
+        'expected' => 'This is alert(\'XSS\') test',
+      ),
 
       // Test that #theme and #theme_wrappers can co-exist on an element.
       array(