@@ -200,10 +200,11 @@
 		[namespaces addObject: dict];
 
 		acceptProlog = YES;
 		lineNumber = 1;
 		encoding = OF_STRING_ENCODING_UTF_8;
+		depthLimit = 32;
 
 		objc_autoreleasePoolPop(pool);
 	} @catch (id e) {
 		[self release];
 		@throw e;
@@ -233,10 +234,20 @@
 
 - (void)setDelegate: (id <OFXMLParserDelegate>)delegate_
 {
 	delegate = delegate_;
 }
+
+- (size_t)depthLimit
+{
+	return depthLimit;
+}
+
+- (void)setDepthLimit: (size_t)depthLimit_
+{
+	depthLimit = depthLimit_;
+}
 
 - (void)parseBuffer: (const char*)buffer
 	     length: (size_t)length
 {
 	size_t i, last = 0;
@@ -362,10 +373,15 @@
 		*last = *i + 1;
 		state = OF_XMLPARSER_IN_EXCLAMATIONMARK;
 		acceptProlog = NO;
 		break;
 	default:
+		if (depthLimit > 0 && [previous count] >= depthLimit)
+			@throw [OFMalformedXMLException
+			    exceptionWithClass: [self class]
+					parser: self];
+
 		state = OF_XMLPARSER_IN_TAG_NAME;
 		acceptProlog = NO;
 		(*i)--;
 		break;
 	}