The current toXML method escapes for XML 1.0. Specifically the difference is that XML1.1 allows all characters [#x1-#x1F], whereas XML 1.0 only allows some of these.

As an aside, the current XML encoder has a comment that these invalid characters should be replaced with a � character, however the escaper actually replaces these all with a space character. I was under the impression that these methods didn't do sanitisation, they only did escaping?