When $wgWellFormedXml = false; is set our edittoken changes to:
<input type=hidden value=+\ name=wpEditToken>
The purpose of the \ is to protect against broken bots that mistreat the \" sequence treating it like a character escape.
We probably need to update Html.php so that it double quotes strings that end in a \.
Version: unspecified
Severity: normal