File Upload Functionality
<input> element with
type="file" lets user choose one or more files from their device storage. Then, the files can be uploaded to a remote server.
An unrestricted file upload functionality can cause an arbitrary file upload vulnerability where malicious users can upload (and execute) any file to the server.
Restrict file type size that users can select. Make sure the uploaded files are not publicly accessible on the web.