diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index edd5b783a..3eed7bec8 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -781,6 +781,118 @@ Past known protocols: `mailto://`, `//x:1/`, `ws://`, `wss://`, _empty Location
 
 If you are able to indicate the **callback** that javascript is going to **execute** limited to those chars. [**Read this section of this post**](./#javascript-function) to find how to abuse this behaviour.
 
+### Valid `<script>` Content-Types to XSS
+
+(From [**here**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) If you try to load a script with a **content-type** such as `application/octet-stream`, Chrome will throw following error:
+
+> Refused to execute script from ‘[https://uploader.c.hc.lc/uploads/xxx'](https://uploader.c.hc.lc/uploads/xxx') because its MIME type (‘application/octet-stream’) is not executable, and strict MIME type checking is enabled.
+
+The only **Content-Type**s that will support Chrome to run a **loaded script** are the ones inside the const **`kSupportedJavascriptTypes`** from [https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc](https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc)
+
+```c
+const char* const kSupportedJavascriptTypes[] = {
+    "application/ecmascript",
+    "application/javascript",
+    "application/x-ecmascript",
+    "application/x-javascript",
+    "text/ecmascript",
+    "text/javascript",
+    "text/javascript1.0",
+    "text/javascript1.1",
+    "text/javascript1.2",
+    "text/javascript1.3",
+    "text/javascript1.4",
+    "text/javascript1.5",
+    "text/jscript",
+    "text/livescript",
+    "text/x-ecmascript",
+    "text/x-javascript",
+};
+
+```
+
+### Script Types to XSS
+
+(From [**here**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) So, which types could be indicated to load a script?
+
+```html
+<script type="???"></script>
+```
+
+The answer is:
+
+* **module** (default, nothing to explain)
+* ****[**webbundle**](https://web.dev/web-bundles/): Web Bundles is a feature that you can package a bunch of data (HTML, CSS, JS…) together into a **`.wbn`** file.
+
+```html
+<script type="webbundle">
+{
+   "source": "https://example.com/dir/subresources.wbn",
+   "resources": ["https://example.com/dir/a.js", "https://example.com/dir/b.js", "https://example.com/dir/c.png"]
+}
+</script>
+The resources are loaded from the source .wbn, not accessed via HTTP
+```
+
+* ****[**importmap**](https://github.com/WICG/import-maps)**:** Allows to improve the import syntax
+
+```html
+<script type="importmap">
+{
+  "imports": {
+    "moment": "/node_modules/moment/src/moment.js",
+    "lodash": "/node_modules/lodash-es/lodash.js"
+  }
+}
+</script>
+
+<!-- With importmap you can do the following -->
+<script>
+import moment from "moment";
+import { partition } from "lodash";
+</script>
+```
+
+This behaviour was used in [**this writeup**](https://github.com/zwade/yaca/tree/master/solution) to remap a library to eval to abuse it can trigger XSS.
+
+* ****[**speculationrules**](https://github.com/WICG/nav-speculation)**:** This feature is mainly to solve some problems caused by pre-rendering. It works like this:
+
+```html
+<script type="speculationrules">
+{
+  "prerender": [
+    {"source": "list",
+     "urls": ["/page/2"],
+     "score": 0.5},
+    {"source": "document",
+     "if_href_matches": ["https://*.wikipedia.org/**"],
+     "if_not_selector_matches": [".restricted-section *"],
+     "score": 0.1}
+  ]
+}
+</script>
+```
+
+### Web Content-Types to XSS
+
+(From [**here**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) The following content types can execute XSS in all browsers:
+
+* text/html
+* application/xhtml+xml
+* application/xml
+* text/xml
+* image/svg+xml
+* application/rss+xml (off)
+* application/atom+xml (off)
+
+In other browsers other **`Content-Types`** can be used to execute arbitrary JS, check: [https://github.com/BlackFan/content-type-research/blob/master/XSS.md](https://github.com/BlackFan/content-type-research/blob/master/XSS.md)
+
+### Special Replacement Patterns
+
+When something like **`"some {{template}} data".replace("{{template}}", <user_input>)`** is used. The attacker could use [**special string replacements**](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global\_Objects/String/replace#specifying\_a\_string\_as\_the\_replacement) to try to bypass some protections: ``"123 {{template}} 456".replace("{{template}}", JSON.stringify({"name": "$'$`alert(1)//"}))``
+
+For example in [**this writeup**](https://gitea.nitowa.xyz/nitowa/PlaidCTF-YACA), this was used to **scape a JSON string** inside a script and execute arbitrary code.
+
 ### XS Jails
 
 If you are only have a limited set of chars to use, check these other valid solutions for XSJail problems:
@@ -1194,9 +1306,13 @@ Find **more SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](ht
 
 ## XSS resources
 
-[https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection)\
-[http://www.xss-payloads.com](http://www.xss-payloads.com) [https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt](https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt) [https://github.com/materaj/xss-list](https://github.com/materaj/xss-list) [https://github.com/ismailtasdelen/xss-payload-list](https://github.com/ismailtasdelen/xss-payload-list) [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec)\
-[https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html)
+* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection)\
+
+* [http://www.xss-payloads.com](http://www.xss-payloads.com) [https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt](https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt) [https://github.com/materaj/xss-list](https://github.com/materaj/xss-list)&#x20;
+* [https://github.com/ismailtasdelen/xss-payload-list](https://github.com/ismailtasdelen/xss-payload-list)&#x20;
+* [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec)\
+
+* [https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html)
 
 ### XSS TOOLS
 
