I think it's important to point out when you say that you need to encode '&' characters in a HTML link attribute () that you are referring only to the ampersands of the URI syntax, not those found in the link (which must be percent-encoded).
In Django, you would write something like this: Nice summary.
So its ampersand is percent-encoded as & and this component becomes "rock&roll".
Any ampersand in the text itself, such as "rock&roll", should always be percent-encoded, not HTML-escaped.
It also defines the media types application/xml and text/xml, which say only that the data is in XML, and nothing about its semantics.