diff --git a/nyaa/backend.py b/nyaa/backend.py
index 45ad8e7..2bf9849 100644
--- a/nyaa/backend.py
+++ b/nyaa/backend.py
@@ -1,5 +1,6 @@
 import json
 import os
+import re
 from datetime import datetime, timedelta
 from ipaddress import ip_address
@@ -29,6 +30,14 @@ FILENAME_BLACKLIST = [
 'lpt0', 'lpt1', 'lpt2', 'lpt3', 'lpt4', 'lpt5', 'lpt6', 'lpt7', 'lpt8', 'lpt9',
 ]
+# Invalid RSS characters regex, used to sanitize some strings
+ILLEGAL_XML_CHARS_RE = re.compile(u'[\x00-\x08\x0b\x0c\x0e-\x1F\uD800-\uDFFF\uFFFE\uFFFF]')
+
+
+def sanitize_string(string, replacement='\uFFFD'):
+ ''' Simply replaces characters based on a regex '''
+ return ILLEGAL_XML_CHARS_RE.sub(replacement, string)
+
 class TorrentExtraValidationException(Exception):
 def __init__(self, errors={}):
@@ -200,6 +209,11 @@ def handle_torrent_upload(upload_form, uploading_user=None, fromAPI=False):
 information = (upload_form.information.data or '').strip()
 description = (upload_form.description.data or '').strip()
+ # Sanitize fields
+ display_name = sanitize_string(display_name)
+ information = sanitize_string(information)
+ description = sanitize_string(description)
+
 torrent_filesize = info_dict.get('length') or sum(
 f['length'] for f in info_dict.get('files'))
diff --git a/nyaa/views/torrents.py b/nyaa/views/torrents.py
index 1503e09..36cc1a4 100644
--- a/nyaa/views/torrents.py
+++ b/nyaa/views/torrents.py
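Review bot: The docstring on `sanitize_string` in the second nyaa/backend.py hunk ("Simply replaces characters based on a regex") does not say which characters are replaced or what the result can be trusted for. The character class matches the BMP code points that XML 1.0 does not allow (C0 controls other than tab, LF and CR, lone surrogates, U+FFFE and U+FFFF). It does not escape `<`, `>`, `&` or quotes, so the return value is not markup-safe and output escaping is still needed wherever these fields are rendered. I would state both facts in the docstring, e.g. `''' Replace code points that are illegal in XML 1.0 with replacement; does not escape markup '''`. A narrower name such as `replace_illegal_xml_chars` would also make it less likely that the helper is later reused as if it were an escaping function.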
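Review bot: The three `sanitize_string` calls in the `handle_torrent_upload` hunk, and the matching three in the `edit_torrent` hunk of nyaa/views/torrents.py, clean the fields only when they are written. Rows stored before this commit are left as they are, so a feed built from existing data can still contain the illegal characters. Other strings may also reach the RSS output without passing through either function, though that cannot be confirmed from these hunks. Applying the same replacement where the feed is serialised, or running a one-off clean-up over existing rows, would close that gap. The body of `handle_torrent_upload` starts and ends outside the hunk, so the first assignment of `display_name` is not visible here.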
@@ -106,9 +106,9 @@ def edit_torrent(torrent_id):
 # Form has been sent, edit torrent with data.
 torrent.main_category_id, torrent.sub_category_id = \
 form.category.parsed_data.get_category_ids()
- torrent.display_name = (form.display_name.data or '').strip()
- torrent.information = (form.information.data or '').strip()
- torrent.description = (form.description.data or '').strip()
+ torrent.display_name = backend.sanitize_string((form.display_name.data or '').strip())
+ torrent.information = backend.sanitize_string((form.information.data or '').strip())
+ torrent.description = backend.sanitize_string((form.description.data or '').strip())
 torrent.hidden = form.is_hidden.data
 torrent.remake = form.is_remake.data