diff --git a/sawmill-core/src/test/java/io/logz/sawmill/utilities/DocumentBuilderProviderTest.java b/sawmill-core/src/test/java/io/logz/sawmill/utilities/DocumentBuilderProviderTest.java
index 11b9a0cc..b9ba503d 100644
--- a/sawmill-core/src/test/java/io/logz/sawmill/utilities/DocumentBuilderProviderTest.java
+++ b/sawmill-core/src/test/java/io/logz/sawmill/utilities/DocumentBuilderProviderTest.java
@@ -8,7 +8,8 @@ public class DocumentBuilderProviderTest {
- private static final String XML_FILE = "/test_xml_injection.xml";
+ private static final String XML_WITH_FILE_DOCTYPE = "/test_xml_file_injection.xml";
+ private static final String XML_WITH_WEB_DOCTYPE = "/test_xml_web_injection.xml";
 @Test
 public void testDocumentBuilderProviderReturnsNonNullEntity() {
@@ -18,8 +19,17 @@ public void testDocumentBuilderProviderReturnsNonNullEntity() {
 }
 @Test
- public void testParseXml() {
- InputStream xmlFile = DocumentBuilderProviderTest.class.getResourceAsStream(XML_FILE);
+ public void testParseXmlWithBlockedFileDoctype() {
+ assertXmlWithForbiddenDocTypeThrowsException(XML_WITH_FILE_DOCTYPE);
+ }
+
+ @Test
+ public void testParseXmlWithBlockedWebDoctype() {
+ assertXmlWithForbiddenDocTypeThrowsException(XML_WITH_WEB_DOCTYPE);
+ }
+
+ private void assertXmlWithForbiddenDocTypeThrowsException(String xml) {
+ InputStream xmlFile = DocumentBuilderProviderTest.class.getResourceAsStream(xml);
 assertThatThrownBy(() -> new DocumentBuilderProvider().provide().parse(xmlFile))
 .hasMessageStartingWith("DOCTYPE is disallowed");
 }
diff --git a/sawmill-core/src/test/resources/test_xml_injection.xml b/sawmill-core/src/test/resources/test_xml_file_injection.xml
similarity index 100%
rename from sawmill-core/src/test/resources/test_xml_injection.xml
rename to sawmill-core/src/test/resources/test_xml_file_injection.xml
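Review bot: `assertXmlWithForbiddenDocTypeThrowsException` in the second hunk never closes the `InputStream` it opens, and if `getResourceAsStream` returns null (a typo in the resource name, or the renamed fixture not landing on the test classpath) the failure surfaces as the parser's null-argument error instead of a clear missing-resource message. I would open the stream in try-with-resources and guard it before parsing: `assertThat(xmlFile).as("test resource %s", xml).isNotNull();` (AssertJ `Assertions.assertThat`, the same class as the `assertThatThrownBy` already used). The assertion also pins only the message prefix `DOCTYPE is disallowed`, which is the JDK parser's wording; adding `.isInstanceOf(SAXParseException.class)` keeps the test meaningful if that text changes between JDK versions. A short comment on the helper would help future readers, e.g. `// The fixture carries an external entity; the parser must reject the DOCTYPE before any entity resolution, so a regression shows up as a failed assertion rather than a fetch attempt during the test run.`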
diff --git a/sawmill-core/src/test/resources/test_xml_web_injection.xml b/sawmill-core/src/test/resources/test_xml_web_injection.xml
new file mode 100644
index 00000000..5e89ea87
--- /dev/null
+++ b/sawmill-core/src/test/resources/test_xml_web_injection.xml
@@ -0,0 +1,3 @@
+
+ ]>
+&xxe;
\ No newline at end of file