diff --git a/core/lib/Drupal/Core/Controller/TitleResolverInterface.php b/core/lib/Drupal/Core/Controller/TitleResolverInterface.php
index bee43c53bfe4dd0652c19375a671bd4d6aa09e6d..810309fb8f89aa1192c1b9d01c01a4515c62895a 100644
--- a/core/lib/Drupal/Core/Controller/TitleResolverInterface.php
+++ b/core/lib/Drupal/Core/Controller/TitleResolverInterface.php
@@ -15,7 +15,13 @@
interface TitleResolverInterface {
/**
- * Returns the title from a static or dynamic title for the route.
+ * Returns a static or dynamic title for the route.
+ *
+ * The returned title string must be safe to output in HTML. For example, an
+ * implementation should call \Drupal\Component\Utility\String::checkPlain()
+ * or \Drupal\Component\Utility\Xss::filterAdmin() on the string, or use
+ * appropriate placeholders to sanitize dynamic content inside a localized
+ * string before returning it. The title may contain HTML such as EM tags.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object passed to the title callback.
diff --git a/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php b/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php
index ccf3ca32c8084eab1f935d7924227c4de904e9ed..79d77880bd8fe97d3c7783ef52d3c3479a927a90 100644
--- a/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php
+++ b/core/modules/system/lib/Drupal/system/PathBasedBreadcrumbBuilder.php
@@ -150,7 +150,7 @@ public function build(array $attributes) {
}
// @todo Replace with a #type => link render element so that the alter
// hook can work with the actual data.
- $links[] = $this->l($title, $route_request->attributes->get(RouteObjectInterface::ROUTE_NAME), $route_request->attributes->get('_raw_variables')->all());
+ $links[] = $this->l($title, $route_request->attributes->get(RouteObjectInterface::ROUTE_NAME), $route_request->attributes->get('_raw_variables')->all(), array('html' => TRUE));
}
}
diff --git a/core/modules/system/tests/Drupal/system/Tests/Breadcrumbs/PathBasedBreadcrumbBuilderTest.php b/core/modules/system/tests/Drupal/system/Tests/Breadcrumbs/PathBasedBreadcrumbBuilderTest.php
index f7c86a2d43845e363cc62706f3004977c0fea9a7..65f2a628dd89c2da83d7208cd14fbcddd9d5b11b 100644
--- a/core/modules/system/tests/Drupal/system/Tests/Breadcrumbs/PathBasedBreadcrumbBuilderTest.php
+++ b/core/modules/system/tests/Drupal/system/Tests/Breadcrumbs/PathBasedBreadcrumbBuilderTest.php
@@ -190,7 +190,7 @@ public function testBuildWithTwoPathElements() {
$link_front = '<a href="/">Home</a>';
$this->linkGenerator->expects($this->at(0))
->method('generate')
- ->with('Example', 'example', array(), array())
+ ->with('Example', 'example', array(), array('html' => TRUE))
->will($this->returnValue($link_example));
$this->linkGenerator->expects($this->at(1))
->method('generate')
@@ -241,12 +241,12 @@ public function testBuildWithThreePathElements() {
$link_front = '<a href="/">Home</a>';
$this->linkGenerator->expects($this->at(0))
->method('generate')
- ->with('Bar', 'example_bar', array(), array())
+ ->with('Bar', 'example_bar', array(), array('html' => TRUE))
->will($this->returnValue($link_example_bar));
$this->linkGenerator->expects($this->at(1))
->method('generate')
- ->with('Example', 'example', array(), array())
+ ->with('Example', 'example', array(), array('html' => TRUE))
->will($this->returnValue($link_example));
$this->linkGenerator->expects($this->at(2))
->method('generate')
@@ -364,7 +364,7 @@ public function testBuildWithUserPath() {
$link_front = '<a href="/">Home</a>';
$this->linkGenerator->expects($this->at(0))
->method('generate')
- ->with('Admin', 'user_page', array(), array())
+ ->with('Admin', 'user_page', array(), array('html' => TRUE))
->will($this->returnValue($link_user));
$this->linkGenerator->expects($this->at(1))