diff --git a/src/PhpSpreadsheet/Reader/Security/XmlScanner.php b/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
index a9093cb4..44324c7c 100644
--- a/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
+++ b/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
@@ -27,6 +27,8 @@ class XmlScanner
      */
     private $pattern;
 
+    private $callback;
+
     private function __construct($pattern = '<!DOCTYPE')
     {
         $this->pattern = $pattern;
@@ -77,6 +79,11 @@ class XmlScanner
         return false;
     }
 
+    public function setAdditionalCallback(callable $callback)
+    {
+        $this->callback = $callback;
+    }
+
     /**
      * Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks.
      *
@@ -102,6 +109,10 @@ class XmlScanner
             throw new Reader\Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
         }
 
+        if ($this->callback !== null && is_callable($this->callback)) {
+            $xml = call_user_func($this->callback, $xml);
+        }
+
         return $xml;
     }
 
diff --git a/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php b/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php
index ef2126ee..12ec9461 100644
--- a/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php
+++ b/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php
@@ -75,4 +75,29 @@ class XmlScannerTest extends TestCase
         //    Must return a null...
         $this->assertNull($scanner);
     }
+
+    /**
+     * @dataProvider providerValidXMLForCallback
+     *
+     * @param mixed $filename
+     */
+    public function testSecurityScanWithCallback($filename, $expectedResult)
+    {
+        $fileReader = new Xlsx();
+        $scanner = $fileReader->getSecuritySCanner();
+        $scanner->setAdditionalCallback('strrev');
+        $xml = $scanner->scanFile($filename);
+
+        $this->assertEquals(strrev($expectedResult), $xml);
+    }
+
+    public function providerValidXMLForCallback()
+    {
+        $tests = [];
+        foreach (glob(__DIR__ . '/../../../data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) {
+            $tests[basename($file)] = [realpath($file), file_get_contents($file)];
+        }
+
+        return $tests;
+    }
 }
diff --git a/tests/data/Reader/Xml/SecurityScannerWithCallbackExample.xml b/tests/data/Reader/Xml/SecurityScannerWithCallbackExample.xml
new file mode 100644
index 00000000..b7954093
--- /dev/null
+++ b/tests/data/Reader/Xml/SecurityScannerWithCallbackExample.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<note>
+    <to>Users</to>
+    <from>Mark</from>
+    <heading>Reminder</heading>
+    <body>Don't forget PHPSpreadsheet Security!</body>
+</note>