From 86e80a9164f37d2c89079be3b6f02a348abe7e86 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Wed, 6 Aug 2025 18:29:04 +0100
Subject: [PATCH] change xml options (#875)

---
 .../src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java b/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
index e848e383cd..5a4ca30c49 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/ooxml/POIXMLTypeLoader.java
@@ -43,6 +43,9 @@ public class POIXMLTypeLoader {
         DEFAULT_XML_OPTIONS.setCharacterEncoding("UTF-8");
         DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(true);
         DEFAULT_XML_OPTIONS.setEntityExpansionLimit(1);
+        DEFAULT_XML_OPTIONS.setLoadStripProcinsts(true);
+        DEFAULT_XML_OPTIONS.setLoadStripComments(true);
+
         // JAXP is used for parsing
         // so only user code using XmlObject/XmlToken.Factory.parse
         // directly can bypass the entity check, which is probably unlikely (... and not within our responsibility :))