Seems it is possible for a non-admin user (a student for example) to upload a .PDF file that contains Javascript and other potentially manipulative elements.
What can I do to prevent this? I still need students to upload pdf files but I need to prevent this kind of content in them.
I'm current using Moodle 3.9.6 at the moment and cannot upgrade to newer versions of Moodle.