Tested this with 8.0.5, ran into this with Views field rewriting when using a custom Twig function that returns a custom 'Time' element. The Twig function works well enough in a template, but Views has a #post_render closure (in \Drupal\views\Plugin\views\PluginBase::viewsTokenReplace()) that runs it through Xss::filterAdmin() again.
Psy Shell v0.7.2 (PHP 5.6.19 — cli) by Justin Hileman
>>> \Drupal\Component\Utility\Xss::filterAdmin('<time datetime="2016-11-10T00:00:00-08:00">November 10 2016</time>')
=> "<time datetime="00">November 10 2016</time>"
I'm not sure what it's trying to filter out, but this is definitely not desired behavior. Seems like it should either strip the attribute entirely, or leave it untouched instead of altering it.