In this article I describe how to prevent Saxon from parsing external entities, in order to avoid XML External Entity (XXE) attacks. You should be very careful when parsing XML files from untrusted sources; otherwise, this can lead to serious security issues.