Content-type and filename extensions for xss

real content-type

chromium && firefox

• text/html
• text/xsl
• text/xml
• application/xml
• image/svg+xml

only firefox mozilla

• application/mathml+xml
• application/rdf+xml

tricks with comma or round bracket

• text/html(any
• any,text/html

file extensions

chromium && firefox

• html
• htm
• xml
• xhtml
• svg
• svgz
• xht
• xsl

only firefox

• ehtml
• shtml
• xbl
• rdf
• xdr