diff --git a/requirements.txt b/requirements.txt
index 65d7ffc..f2dcb5d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
 requests>=2.25.1
+defusedxml>=0.6.0; python_version < '3.9'
diff --git a/rssparser.py b/rssparser.py
index 6fd0312..0edff0c 100644
--- a/rssparser.py
+++ b/rssparser.py
@@ -14,6 +14,13 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
 from xml.dom import minidom
+defusedxmlSupported = True
+try:
+ from defusedxml.minidom import parse, parseString
+except:
+ parse = minidom.parse
+ parseString = minidom.parseString
+ defusedxmlSupported = False
 from html.parser import HTMLParser
 from html import escape, unescape
 import sys
@@ -351,9 +358,9 @@ class RSSParser:
 re = requests.get(fn)
 re.encoding = 'utf8'
 if re.status_code == 200:
- self.xmldoc = minidom.parseString(re.text)
+ self.xmldoc = parseString(re.text)
 else:
- self.xmldoc = minidom.parse(fn)
+ self.xmldoc = parse(fn)
 self.normalize()
 return True
 except:
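Review bot: The `python_version < '3.9'` marker on the new `defusedxml` line in requirements.txt means the package is never installed on Python 3.9 or later. On those interpreters the import fallback added in rssparser.py leaves feeds parsed by the standard-library `minidom`, so the hardening this commit introduces applies only to older Pythons. If the marker is there to avoid the 0.6.0 incompatibility with 3.9, the 0.7.x releases support that version and the line could read `defusedxml>=0.7.1` with no marker.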
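Review bot: The bare `except:` around `from defusedxml.minidom import parse, parseString` in the import hunk of rssparser.py catches every error rather than only a missing package. The fallback to `minidom.parse` / `minidom.parseString` is also silent, so a deployment can run without the hardened parser and nothing reports it. Narrow the handler to `except ImportError:` and emit a warning in that branch, since the XML passed to `parseString` in the later hunk comes from `requests.get` and is untrusted. `defusedxmlSupported` is assigned here but not read in any visible hunk, so it should either gate remote parsing or be dropped. A comment such as `# Prefer defusedxml: feed XML is untrusted; stdlib minidom is the unhardened fallback` would record the intent.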
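Review bot: The bare `except:` that closes the `RSSParser` hunk will also catch the exceptions defusedxml raises when it refuses a document (`DefusedXmlException` subclasses such as `EntitiesForbidden`). A feed rejected for carrying entity declarations therefore looks the same to the caller as a network failure or a syntax error. Catch those exceptions separately when `defusedxmlSupported` is true and log the feed URL with the exception class, so blocked documents are visible to whoever operates the parser. The handler body and the enclosing method lie outside the hunk, so this is inferred from the `except:` line alone.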