Fix #1870 - Strip control characters out of strings in AtomSerializer

app/lib/atom_serializer.rb

@@ -311,11 +311,17 @@ class AtomSerializer
 
   def append_element(parent, name, content = nil, attributes = {})
     element = Ox::Element.new(name)
-    attributes.each { |k, v| element[k] = v.to_s }
+    attributes.each { |k, v| element[k] = sanitize_str(v) }
-    element << content.to_s unless content.nil?
+    element << sanitize_str(content) unless content.nil?
     parent  << element
   end
 
+  def sanitize_str(raw_str)
+    str = raw_str.to_s
+    ["\v", "\f", "\b"].each { |char| str = str.delete(char) }
+    str
+  end
+
   def add_namespaces(parent)
     parent['xmlns']          = TagManager::XMLNS
     parent['xmlns:thr']      = TagManager::THR_XMLNS