diff --git a/jadx-core/src/main/java/jadx/core/deobf/FileTypeDetector.java b/jadx-core/src/main/java/jadx/core/deobf/FileTypeDetector.java
index 8bd5bb4ee..4af318534 100644
--- a/jadx-core/src/main/java/jadx/core/deobf/FileTypeDetector.java
+++ b/jadx-core/src/main/java/jadx/core/deobf/FileTypeDetector.java
@@ -83,9 +83,12 @@ public class FileTypeDetector {
 		try {
 			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 			factory.setNamespaceAware(true);
+			factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 			factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 			factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 			factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+			factory.setXIncludeAware(false);
+			factory.setExpandEntityReferences(false);
 
 			DocumentBuilder builder = factory.newDocumentBuilder();
 			Document doc = builder.parse(new java.io.ByteArrayInputStream(data));