Try giving the input element an 'accept' attribute with comma separated MIME types, like "text/html", "image/png", "image/gif", "video/mpeg", "audio/basic", "text/tcl", "text/javascript", and "text/vbscript".
I don't remember if you can still select the '*' option to have all files displayed, but it should stop most people from selecting the wrong file by mistake. You could also compare the value of the file field to a regular expression checking that on of the allowed file extensions are present. But that too gives no guarantees it's actually not something else in the file.
The safest way to do any security thing like this is doing it on the server, and returning an error if the wrong file type was uploaded. There you also have access to the contents of the file so you can check headers etc.