diff --git a/org/w3c/css/css/XMLStyleSheetHandler.java b/org/w3c/css/css/XMLStyleSheetHandler.java
index 3f48fbd17..11e550885 100644
--- a/org/w3c/css/css/XMLStyleSheetHandler.java
+++ b/org/w3c/css/css/XMLStyleSheetHandler.java
@@ -549,6 +549,9 @@ void parse(String urlString, URLConnection connection) throws Exception {
 
             xmlParser.setFeature("http://xml.org/sax/features/validation",
                     false);
+            xmlParser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            xmlParser.setFeature("http://xml.org/sax/features/external-general-entities", false);
+
             xmlParser.setErrorHandler(this);
             xmlParser.setEntityResolver(this);
         } catch (Exception ex) {
@@ -605,6 +608,8 @@ public void parse(InputSource source, String fileName) throws IOException, SAXEx
                     this);
             xmlParser.setFeature("http://xml.org/sax/features/namespace-prefixes", true);
             xmlParser.setFeature("http://xml.org/sax/features/validation", false);
+            xmlParser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            xmlParser.setFeature("http://xml.org/sax/features/external-general-entities", false);
         } catch (Exception ex) {
             ex.printStackTrace();
         }