diff --git a/conf/mime.conf b/conf/mime.conf
index 058590a327ac0cb32b066ceb374fd718a5f90b60..8b4142b7965dba3e37eee250664773117ae46927 100644
--- a/conf/mime.conf
+++ b/conf/mime.conf
@@ -17,14 +17,6 @@ ppt     application/mspowerpoint
 rtf     application/msword
 swf     application/x-shockwave-flash
 
-# You should enable HTML and Text uploads only for restricted Wikis.
-# Spammers are known to upload spam pages through unprotected Wikis.
-#html    text/html
-#htm     text/html
-#txt     text/plain
-#conf    text/plain
-#xml     text/xml
-
 rpm     application/octet-stream
 deb     application/octet-stream
 
@@ -40,3 +32,17 @@ odi     application/vnd.oasis.opendocument.image
 odp     application/vnd.oasis.opendocument.presentation
 ods     application/vnd.oasis.opendocument.spreadsheet
 odt     application/vnd.oasis.opendocument.text
+
+# You should enable HTML and Text uploads only for restricted Wikis.
+# Spammers are known to upload spam pages through unprotected Wikis.
+# Note: Enabling HTML opens Cross Site Scripting vulnerabilities
+#       through JavaScript. Only enable this with trusted users. You
+#       need to disable the iexssprotect option additionally to
+#       adding the mime type here
+#html    text/html
+#htm     text/html
+#txt     text/plain
+#conf    text/plain
+#xml     text/xml
+
+
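Review bot: The new XSS note names only HTML, but the `#xml     text/xml` entry grouped under the same comment carries a comparable risk, since browsers render text/xml documents and an XML file can declare an XHTML namespace or reference a stylesheet and so end up executing script; an admin reading this block could enable xml alone believing it is safe. Suggest extending the note with `#       The same applies to xml: browsers render text/xml and it can` / `#       carry script, so treat it like html.` The phrase "additionally to adding the mime type here" also reads awkwardly; `#       in addition to adding the mime type here` is clearer. The hunk additionally appends two trailing blank lines at end of file, of which the second is redundant.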