User input like ü in URL field is not escaped in RSS (XML), leading to potentially broken feeds. Using htmlspecialchars would not help because it does not remove chars that are not allowed in XML and it does not correctly escape ">" or "<" and it does not even check if its escapings are defined in the resulting XML.
The suggested solution is to put conent into CDATA-block!
Steps to reproduce:
Install example client
Go to Content -> Articles - System pages -> RSS creator
Enter special chars into RSS description
IE 8 will choke on wrong characters such as ü in output.