diff --git a/src/java/org/jivesoftware/multiplexer/net/XMLLightweightParser.java b/src/java/org/jivesoftware/multiplexer/net/XMLLightweightParser.java
index e8865de..0b3e4e4 100644
--- a/src/java/org/jivesoftware/multiplexer/net/XMLLightweightParser.java
+++ b/src/java/org/jivesoftware/multiplexer/net/XMLLightweightParser.java
@@ -204,6 +204,10 @@
 boolean isHighSurrogate = false;
 for (int i = 0; i < readByte; i++) {
 ch = buf[i];
+ if (ch < 0x20 && ch != 0x9 && ch != 0xA && ch != 0xD) {
+ //Unicode characters in the range 0x0000-0x001F other than 9, A, and D are not allowed in XML
+ throw new Exception("Disallowed character");
+ }
 if (isHighSurrogate) {
 if (Character.isLowSurrogate(ch)) {
 // Everything is fine. Clean up traces for surrogates
diff --git a/test/org/jivesoftware/multiplexer/net/XMLLightweightParserTest.java b/test/org/jivesoftware/multiplexer/net/XMLLightweightParserTest.java
index 2e11578..ccd6271 100644
--- a/test/org/jivesoftware/multiplexer/net/XMLLightweightParserTest.java
+++ b/test/org/jivesoftware/multiplexer/net/XMLLightweightParserTest.java
@@ -11,8 +11,8 @@
 package org.jivesoftware.multiplexer.net;
-import junit.framework.TestCase;
 import junit.framework.Assert;
+import junit.framework.TestCase;
 import org.apache.mina.common.ByteBuffer;
 import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
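Review bot: The new guard throws a bare `Exception` with a fixed message, so a caller cannot tell which character was rejected or tell this failure apart from the surrogate error raised a few lines below; include the code point, `throw new Exception("Disallowed character 0x" + Integer.toHexString(ch));`, and use whatever narrower exception type the method's other rejections use, if it has one. The comment should also get a space after `//` to match the `// Everything is fine` comment in the same loop. The condition covers the C0 range of the XML 1.0 Char production, but that production also excludes `0xFFFE` and `0xFFFF`, which still pass here if `buf` holds chars as `Character.isLowSurrogate(ch)` suggests. The enclosing loop and method start and end outside the hunk.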
@@ -324,6 +324,37 @@
 }
 }
+ /**
+ * Check that the parser does not accept characters below 0x20 (except for 9, A, and D)
+ *
+ * @throws Exception
+ */
+ public void testInvalidXML() throws Exception {
+ byte[] one = ("").getBytes();
+ byte[] two = {(byte) 0x7 , (byte) 0x8};
+ byte[] three = "".getBytes();
+
+ byte[] message = new byte[one.length + two.length + three.length];
+ int j = 0;
+ for (byte b : one) {
+ message[j++] = b;
+ }
+ for (byte b : two) {
+ message[j++] = b;
+ }
+ for (byte b : three) {
+ message[j++] = b;
+ }
+
+ ByteBuffer mybuffer = ByteBuffer.wrap(message);
+ try {
+ parser.read(mybuffer);
+ fail("Failed to detect a low surrogate char without a preceding high surrogate");
+ } catch (Exception e) {
+ assertEquals("Incorrect exception was received", "Found low surrogate char without a preceding high surrogate", e.getMessage());
+ }
+ }
+
 public void testRead() {
 try {
 XMLLightweightParser parser = new XMLLightweightParser("UTF-8");
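Review bot: The `assertEquals` in `testInvalidXML` expects the surrogate message, but the parser change in this commit throws `new Exception("Disallowed character")` for the 0x07/0x08 bytes the test feeds in, so the test fails as written and its `fail(...)` text describes the wrong case; change the two lines to `fail("Failed to detect a disallowed control character");` and `assertEquals("Incorrect exception was received", "Disallowed character", e.getMessage());`. The three copy loops can be replaced by `System.arraycopy` calls or a `ByteArrayOutputStream`, and `getBytes()` with no charset uses the platform default, whereas `getBytes("UTF-8")` matches the `"UTF-8"` the parser is constructed with in `testRead`. The literals `("")` and `""` appear empty here; if they originally held markup that was lost in rendering, the expected message is unaffected, since the control characters are rejected before any surrogate handling. `parser` is referenced as a field here while `testRead` declares a local of the same name, so confirm the fixture field exists; the method is complete within the hunk.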