DVWA file upload background

I’ve just started in penetration testing with metasploitable and currently trying to learn file upload vulnerability present in DVWA module. I know that somehow upload is preventing files other than images to be uploaded but I don’t understand how. I tried to look page source of ‘upload file’ webpage but I don’t see any javascripts working there. Webpage only refers to a script which also doesn’t seem to have any filters for file being uploaded. Can someone please explain what exactly in the html or JavaScript of webpage is working as a filter?