How to prevent downloading executable files via input file?
The input file has an accept attribute to which we can add file extensions that can be uploaded.
Checking can be done by redoing file uploads with ajax and sorting out what was in the input.
But you can do this at the front only to warn the user "hey, dude, you attached some garbage here." Such checks do not provide real protection if this form is attacked - not only without a bypass, but generally without a browser in which it could work.Lillian Pratt
To place the code, please use CodePen or similar tool. Thanks you!