Scripts are permitted in html uploads (all content is iframed and served from a separate domain), though I will go through and remove blank directories for now.
I’ll likely add checks for an index.html for any upload and turn off indexing in the future to prevent these.