diff --git a/src/Query.php b/src/Query.php
index 3a17ec4..2073130 100644
--- a/src/Query.php
+++ b/src/Query.php
@@ -238,11 +238,17 @@ public function queryXpath($xpathQuery, $query = null)
         } else {
             $domDoc = new DOMDocument('1.0', $encoding);
         }
-
         $type = $this->getDocumentType();
         switch ($type) {
             case self::DOC_XML:
                 $success = $domDoc->loadXML($document);
+                foreach ($domDoc->childNodes as $child) {
+                    if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                        throw new Exception\RuntimeException(
+                            'Invalid XML: Detected use of illegal DOCTYPE'
+                        );
+                    }
+                }
                 break;
             case self::DOC_HTML:
             case self::DOC_XHTML:
diff --git a/test/QueryTest.php b/test/QueryTest.php
index 1900ce3..071d3d2 100644
--- a/test/QueryTest.php
+++ b/test/QueryTest.php
@@ -342,4 +342,18 @@ public function testXhtmlDocumentWithXmlAndDoctypeDeclaration()
         $this->query->setDocument($xhtmlWithXmlDecl, 'utf-8');
         $this->assertEquals(1, $this->query->execute('//p')->count());
     }
+
+    public function testLoadingXmlContainingDoctypeShouldFailToPreventXxeAndXeeAttacks()
+    {
+        $xml = <<
+]>
+
+ This result is &harmless;
+
+XML;
+        $this->query->setDocumentXml($xml);
+        $this->setExpectedException("\Zend\Dom\Exception\RuntimeException");
+        $this->query->queryXpath('/');
+    }
 }
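Review bot: The DOCTYPE check runs only after `$domDoc->loadXML($document)` has already parsed the input, so any DTD or entity resolution libxml performs during that parse (which depends on the libxml options and the process-wide entity-loader setting, neither of which is visible here) is not prevented by the new `foreach`; the exception only stops the parsed result from being used. For the PHP versions this code appears to target, the parse itself should be guarded by disabling the external entity loader around the call and restoring the previous value, e.g. `$loadEntities = libxml_disable_entity_loader(true);` / `$success = $domDoc->loadXML($document);` / `libxml_disable_entity_loader($loadEntities);`, keeping the DOCTYPE scan as defence in depth. Note also that when `loadXML` returns false `childNodes` is empty and the scan is silently skipped, which is acceptable only if `$success` is checked further down; the body of `queryXpath` starts and ends outside this hunk. A one-line comment above the loop such as `// Reject any DTD: inline or external entity declarations are the vector for XXE/XEE` would record why a well-formed XML construct is treated as an error.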
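Review bot: The test name promises XXE coverage but, as far as this rendering of the heredoc shows (the DOCTYPE and entity declarations appear to have been stripped from the listing), the fixture references only an internal entity `&harmless;`, which exercises the expansion (XEE) side and not an external-entity `SYSTEM` reference; a second fixture with an external entity declaration, and a third asserting that a DOCTYPE-free document still loads and is queryable, would pin both halves of the fix. The expected class is passed as the double-quoted string `"\Zend\Dom\Exception\RuntimeException"`; none of `\Z`, `\D`, `\E` or `\R` is a PHP escape so it happens to work, but single quotes, `$this->setExpectedException('Zend\Dom\Exception\RuntimeException');`, avoid relying on that. The truncated heredoc opener `<<` visible here looks like a markup-extraction artifact rather than the committed text, so it is not raised as a defect.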