A stored XSS issue in https://files.slack.com
Unknown
Vulnerability Details
When making a BoxNote snippet with this XSS payload:
XSS") ;</script> <img src="<img src=search"/onerror=alert(document.domain)//"> "><marquee>
When the snippet is made and "view raw" is used, the XSS payload will be executed.
My example link where the XSS payload executed:
https://files.slack.com/files-pri/T027N7MK3-F1NCA92JF/XSS______script___img_src___img_src_search__onerror_alert__Xss__________marquee__boxnote.boxnote
That link will be executed for every teammate, which could probably be used in exploitation.
Report Stats
- Report ID: 149011
- State: Closed
- Substate: resolved
- Upvotes: 8
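
Added example (not part of the original report, and not Slack's code): one way a "view raw" endpoint can return user-uploaded snippet text so the browser displays it instead of rendering it, with a small audit of response headers. It assumes the payload ran because the raw response was HTML-renderable, which the report does not state; rawFileHeaders, auditRawResponse and the sample responses are hypothetical.

```javascript
// Added example: response headers for a "view raw" endpoint serving user-uploaded text.
// Assumption: the raw view executed the payload because the response was
// HTML-renderable; the report does not state the actual root cause or fix.

// Hypothetical helper: headers that make a browser show the bytes, not run them.
function rawFileHeaders(filename) {
  // Keep only a conservative character set in the file name echoed back.
  const safeName = String(filename).replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 100) || "file";
  return {
    "Content-Type": "text/plain; charset=utf-8",      // never an HTML-capable type
    "X-Content-Type-Options": "nosniff",              // no content sniffing to text/html
    "Content-Disposition": `inline; filename="${safeName}"`,
    "Content-Security-Policy": "sandbox; default-src 'none'", // no script even if rendered
  };
}

// Hypothetical audit: reasons a raw-file response could be rendered as active content.
function auditRawResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).toLowerCase();
  const findings = [];
  const type = (h["content-type"] || "").split(";")[0].trim();
  const renderable = ["text/html", "application/xhtml+xml", "image/svg+xml", "text/xml", "application/xml"];
  if (type === "") findings.push("no Content-Type: browser may sniff HTML");
  else if (renderable.includes(type)) findings.push(`renderable Content-Type: ${type}`);
  if (h["x-content-type-options"] !== "nosniff") findings.push("missing X-Content-Type-Options: nosniff");
  const csp = h["content-security-policy"] || "";
  const inline = (h["content-disposition"] || "").split(";")[0].trim() !== "attachment";
  if (inline && !/(^|;)\s*sandbox(\s|;|$)/.test(csp)) findings.push("inline response without CSP sandbox");
  return findings;
}

// Constructed sample responses (not captured from files.slack.com).
const weak = { "Content-Type": "text/html; charset=utf-8" };
const hardened = rawFileHeaders('XSS") ;</script> <img src=x>.boxnote');
console.log(auditRawResponse(weak));     // three findings
console.log(auditRawResponse(hardened)); // no findings
```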