diff --git a/lib/saxes.js b/lib/saxes.js
index 8cc7d51e..e1c0143e 100644
--- a/lib/saxes.js
+++ b/lib/saxes.js
@@ -7,6 +7,7 @@ const { XML_1_0: { ED5 } } = require("xmlchars");
 const {
 regexes: {
+ CHAR,
 NAME_START_CHAR,
 NAME_CHAR,
 },
@@ -1091,7 +1092,14 @@ ${XML_NAMESPACE}.`);
 return `&${this.entity};`;
 }
- return String.fromCodePoint(num);
+ const char = String.fromCodePoint(num);
+ // The character reference is required to match the CHAR production.
+ if (!CHAR.test(char)) {
+ this.fail("Invalid character entity");
+ return `&${this.entity};`;
+ }
+
+ return char;
 }
 }
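Review bot: The new CHAR check in the second hunk only runs after `String.fromCodePoint(num)` has returned, and that call throws a RangeError for any value outside 0..0x10FFFF. An out-of-range numeric reference in untrusted XML would therefore surface as an uncaught exception rather than going through `this.fail`, unless the guard above the hunk already bounds `num`; the start of this method is not visible here. I would test the range before converting, for example `if (num > 0x10FFFF || !CHAR.test(String.fromCodePoint(num))) {`, and keep the existing fail-and-return body. It is also worth confirming that the imported `CHAR` regex is anchored and not global or sticky, since `.test` on a `g`/`y` regex keeps `lastIndex` between calls.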