If I am understanding you correctly, the text file is being used to create a form that will only be seen by the person who uploaded the file. If that's the case, then XSS is not a concern since its method of harm is by showing the JavaScript to others. So I guess in this specific case it isn't a threat. I don't know what you're doing to process the form itself, but you may need to handle things on that end (e.g. use placeholders if you are inserting the form input into a database).