embed javascript into html files
I run a file storage service which allow users to upload files.
Have been rejecting files that can harm the server.
A user suggested to deny html pages since javascript can be embed inside them; would be possible to do cross-site scripting.
I have no knowledge about JS and cross-site scripting but my server admins did something to prevent execution of files (files is also is placed outside public_html).
Should I disable html files from being uploaded?
