diff --git a/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java b/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
index e848e383cd..5a4ca30c49 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
@@ -43,6 +43,9 @@ public class POIXMLTypeLoader {
         DEFAULT_XML_OPTIONS.setCharacterEncoding("UTF-8");
         DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(true);
         DEFAULT_XML_OPTIONS.setEntityExpansionLimit(1);
+        DEFAULT_XML_OPTIONS.setLoadStripProcinsts(true);
+        DEFAULT_XML_OPTIONS.setLoadStripComments(true);
+
         // JAXP is used for parsing
         // so only user code using XmlObject/XmlToken.Factory.parse
         // directly can bypass the entity check, which is probably unlikely (... and not within our responsibility :))