diff --git a/core/modules/system/src/Tests/Form/ModulesListFormWebTest.php b/core/modules/system/src/Tests/Form/ModulesListFormWebTest.php
index 489f6ff..c656bb4 100644
--- a/core/modules/system/src/Tests/Form/ModulesListFormWebTest.php
+++ b/core/modules/system/src/Tests/Form/ModulesListFormWebTest.php
@@ -19,7 +19,7 @@ class ModulesListFormWebTest extends WebTestBase {
 /**
 * {@inheritdoc}
 */
- public static $modules = array('system_test', 'help');
+ public static $modules = array('system_test', 'help', 'module_form_xss_test');
 /**
 * {@inheritdoc}
@@ -49,6 +49,9 @@ public function testModuleListForm() {
 // Check that system_test's help link was rendered correctly.
 $this->assertFieldByXPath("//a[contains(@href, '/admin/help/system_test') and @title='Help']");
+
+ // Checks for a XSS attack in a module description.
+ $this->assertEscaped('Support module for module form XSS testing. ');
 }
 }
diff --git a/core/modules/system/system.admin.inc b/core/modules/system/system.admin.inc
index 1141a35..7b7677a 100644
--- a/core/modules/system/system.admin.inc
+++ b/core/modules/system/system.admin.inc
@@ -229,8 +229,16 @@ function theme_system_modules_details($variables) {
 // Add the module label and expand/collapse functionality.
 $id = Html::getUniqueId('module-' . $key);
- $col2 = '';
- $row[] = array('class' => array('module'), 'data' => SafeMarkup::set($col2));
+ $col2 = [
+ '#type' => 'inline_template',
+ '#template' => '',
+ '#context' => [
+ 'id' => $id,
+ 'enable_id' => $module['enable']['#id'],
+ 'module_name' => $module['name'],
+ ],
+ ];
+ $row[] = ['class' => ['module'], 'data' => $col2];
 // Add the description, along with any modules it requires.
 $description = '';
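Review bot: The `assertEscaped()` added as the last line of this hunk only shows that the escaped form of the fixture description is present, not that the raw form is absent, so it should be paired with `$this->assertNoRaw('Support module for module form XSS testing. ');` on the same string. As the string appears in this hunk it contains nothing that HTML escaping would change, so if that is really what the `description` of module_form_xss_test.info.yml (last hunk) says, the assertion is equivalent to `assertRaw()` and would not catch a regression; the fixture and the assertion need to share text containing a character such as `<` or `&`. The module name and the expand/collapse ids are routed through Twig by the same commit in system.admin.inc but are not asserted here; putting a marker in the fixture's `name:` too and asserting it escaped would cover that path. The new comment `// Checks for a XSS attack in a module description.` would read better as `// Check that markup in a module description is escaped.`. testModuleListForm() starts before this hunk.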
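Review bot: The `$col2` render array built in this hunk passes `$module['name']`, `$id` and the enable checkbox id into Twig context with no comment saying why a template replaces string building, and the `#template` value is not legible in this view, so the markup it emits cannot be reviewed here. A why-comment above `$col2 = [` such as `// Render through Twig so the module name and ids are autoescaped rather than marked safe by hand.` would stop a later edit from reverting to concatenation. theme_system_modules_details() starts before this hunk and continues after it.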
@@ -257,14 +265,18 @@ function theme_system_modules_details($variables) {
 $description .= $links;
 $description .= '';
 }
+ $title = [
+ '#type' => 'inline_template',
+ '#template' => ' {{ module_description }}',
+ '#context' => ['module_description' => $module['description']],
+ ];
 $details = array(
 '#type' => 'details',
- '#title' => SafeMarkup::set(' ' . drupal_render($module['description']) . ''),
+ '#title' => $title,
 '#attributes' => array('id' => $module['enable']['#id'] . '-description'),
 '#description' => $description,
 );
- $col4 = drupal_render($details);
- $row[] = array('class' => array('description', 'expand'), 'data' => $col4);
+ $row[] = ['class' => ['description', 'expand'], 'data' => $details];
 $rows[] = $module['#attributes'] + array('data' => $row);
 }
diff --git a/core/modules/system/tests/modules/module_form_xss_test/module_form_xss_test.info.yml b/core/modules/system/tests/modules/module_form_xss_test/module_form_xss_test.info.yml
new file mode 100644
index 0000000..1ac3bfb
--- /dev/null
+++ b/core/modules/system/tests/modules/module_form_xss_test/module_form_xss_test.info.yml
@@ -0,0 +1,6 @@
+name: 'Module form XSS test'
+type: module
+description: 'Support module for module form XSS testing. '
+package: Testing
+version: VERSION
+core: 8.x
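Review bot: The `module_description` context value on the `$title` render array is `$module['description']`, a render array rather than a string, and nothing on these lines records that this is what makes text taken from the module's `.info.yml` get autoescaped when Twig prints it; a comment above `$title = [` such as `// Let Twig render and autoescape the description from the .info.yml file.` would capture the intent. `#title` of the `details` element now holds a render array where a marked-safe string was given before; the `details` template is not in this diff, so whether it renders an array title rather than expecting a string is worth confirming against it. The same deferral applies to `$row[]`, which now carries the unrendered `$details`, matching the `$col2` change earlier in this function. theme_system_modules_details() starts before and continues past this hunk.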