diff --git a/lib/pleroma/web/xml.ex b/lib/pleroma/web/xml.ex
index f687f78df..4151e00f5 100644
--- a/lib/pleroma/web/xml.ex
+++ b/lib/pleroma/web/xml.ex
@@ -29,7 +29,10 @@ def parse_document(text) do
       {doc, _rest} =
         text
         |> :binary.bin_to_list()
-        |> :xmerl_scan.string(quiet: true)
+        |> :xmerl_scan.string(
+          quiet: true,
+          fetch_fun: fn _, _ -> raise "Resolving external entities not supported" end
+        )
 
       {:ok, doc}
     rescue