In the Site Settings, the Discourse administrator can configure a list of allowed file types for uploaded files.
Which file types should be explicitly disallowed - such that we prevent (or at least pop up VERY SEVERE WARNINGS) administrators from even allowing them?
- .htm, .html: to prevent XSS attacks