XHTML validity of backend when sys_action is loaded
sys_action is able to generate links for the backend.php toolbar. The links with a href and "&" parameters, but this is not properly escaped (htmlspecialchars missing).
Solution is to escape the links, so that that part gets XHTML valid.
Problem is there since 4.3 where the toolbar was added.
(issue imported from #M15635)