The xmldoublequote parameter (described in bug 11401) is supposed to double-escape everything in the XML output. However, in MediaWiki 1.16 and newer, specifying it seems to have no effect.
This is easily reproduced using the provided URL. The expected output is that of MediaWiki 1.15 and older.
Actual: <page title="&<>" invalid="" />
Expected: <page title="&amp;&lt;&gt;" invalid="" />
Version: 1.21.x
Severity: minor
URL: https://www.mediawiki.org/w/api.php?action=query&titles=%26%3C%3E&xmldoublequote