This can lead to a potential XSS attack (unrealistic, but still a security flaw).