Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 23402)
+++ wp-includes/formatting.php	(working copy)
@@ -597,6 +597,30 @@
 }
 
 /**
+ * Removes otherwise valid utf8 characters that break XML output.
+ *
+ * When outputting user supplied content in an XML context we should strip these control and other unwanted characters - they are unprintable and just break feed parsers.
+ *
+ * @since 3.6.0
+ *
+ * @param string $string User supplied content that may contain dis-allowed characters.
+ * @return string Filtered string with space in place of removed characters.
+ */
+
+function strip_for_xml( $string ) {
+    // Store the site charset as a static to avoid multiple calls to get_option()
+    static $is_utf8;
+    if ( ! isset( $is_utf8 ) ) {
+        $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) );
+    }
+    if ( ! $is_utf8 ) {
+        return $string;
+    }
+
+    return preg_replace( '/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $string );
+}
+
+/**
  * Converts all accent characters to ASCII characters.
  *
  * If there are no accent characters, then the string given is just returned.
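Review bot: The `preg_replace()` call with the `/u` modifier on the last line of `strip_for_xml()` returns `null` when `$string` contains malformed UTF-8, so one bad byte in user-supplied content makes the whole field disappear from the feed instead of being filtered. Validate before the replace, for example `$string = wp_check_invalid_utf8( $string, true );`, and guard the result with `return null === $filtered ? '' : $filtered;` so a PCRE failure is handled explicitly. The negated character class also stops at `\x{FFFD}`, so characters in U+10000–U+10FFFF, which XML 1.0 allows, are replaced with spaces; appending `\x{10000}-\x{10FFFF}` to the class keeps them. Separately, the early `return $string;` for non-UTF-8 charsets passes control characters through unfiltered, which the docblock should state so callers do not assume the output is always XML-safe.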
