The page you are viewing right now has the HTTP header element of Content-type: text/html. HTML is displayed normally and JavaScript will be executed. If you have a Content-Type: text/javascript then the JavaScript is not executed, it is only displayed.
My question is: Are there content-types other than text/html that will execute JavaScript? I would like as complete a list as possible for any common browser (IE, Firefox, Chrome, Safari).
I don’t know of a full list, and it may well be that no such list exists publicly. You may have to find out for yourself. (Although I don’t think anything speaks against setting up a test page with a number of iframes, and asking the SO community to provide data with their respective browsers. It’s been done before.)
In Internet Explorer, this one should definitely be on the list:
application/hta for Hypertext Applications
Candidates that I would test for (because it’s conceivable a careless programmer might activate them for HTML parsing) include:
application/form-data
text/xhtml+xml (used to be proposed in 2000, no idea what happened to that)
However, I tested those with both Chrome 9 and the latest Firefox, and they reject everything except text/html. Firefox shows them as downloadable resources instead, which I think eliminates them from your equation as any JS therein will be executed in the local context rather than the URL’s. (IE is executing everything including text/plain for me, but I think that is a header mixup with my server.)
If you want to go for hard-core sure for the Open Source browsers, check their source code or ask on their mailing lists/forums. I have a feeling the good ones have text/html hard-coded.
Edit: Arrgh! Firefox, Chrome and IE parse HTML, and execute scripts, regardless of content type – I successfully managed to set Content-type: text/poppycock – when the resource’s extension is .htm or .html. That means that you have to test not only for MIME types, but for file extensions (which should not play any role in HTTP) as well. Didn’t know that – this was probably introduced to fix the output of broken web servers. Stuff like this is why I don’t work in IT security 🙂
All tests made on Windows 7.
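A local version of the iframe test page the answer suggests, as an added example that is not part of the original question or answer: it serves one harmless probe per combination of the MIME types and file extensions named above and marks each row whose script actually ran. The URL layout, port and function names are assumptions, and the optional `X-Content-Type-Options: nosniff` header is not mentioned in the thread; it is included so the same run can be repeated with sniffing disabled.

```python
# Added example, not from the original post; paths, port and names are assumptions.
from http.server import BaseHTTPRequestHandler, HTTPServer
from itertools import product

# MIME types named in the thread; extensions cover the .htm/.html observation.
TYPES = ["text/html", "text/javascript", "text/plain", "application/hta",
         "application/form-data", "text/xhtml+xml", "text/poppycock"]
EXTS = ["", ".htm", ".html"]
CASES = list(product(TYPES, EXTS))
NOSNIFF = False  # set True to repeat the run with X-Content-Type-Options: nosniff

def probe_path(i):
    return f"/probe/{i}/t{CASES[i][1]}"

def probe_body(i):
    # Harmless marker: if the browser runs the script, it reports its case number.
    return f"<!doctype html><script>parent.postMessage({i}, '*')</script>case {i}".encode()

def index_page():
    rows = "".join(f"<tr><td>{t}</td><td>{e or '(none)'}</td><td id='r{i}'>not executed</td>"
                   f"<td><iframe src='{probe_path(i)}' width=120 height=30></iframe></td></tr>"
                   for i, (t, e) in enumerate(CASES))
    js = ("addEventListener('message', e => {"
          "document.getElementById('r' + e.data).textContent = 'EXECUTED'; });")
    return f"<!doctype html><script>{js}</script><table>{rows}</table>".encode()

def route(path, nosniff=False):
    """Return (status, headers, body) for a request path."""
    if path == "/":
        return 200, {"Content-Type": "text/html"}, index_page()
    parts = path.split("/")
    if len(parts) == 4 and parts[1] == "probe" and parts[2].isdecimal() and int(parts[2]) < len(CASES):
        i = int(parts[2])
        headers = {"Content-Type": CASES[i][0]}  # declared type, whatever the extension says
        if nosniff:
            headers["X-Content-Type-Options"] = "nosniff"
        return 200, headers, probe_body(i)
    return 404, {"Content-Type": "text/plain"}, b"not found"

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = route(self.path, NOSNIFF)
        self.send_response(status)
        for k, v in headers.items():
            self.send_header(k, v)
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Open http://127.0.0.1:8000/ in each browser under test and record which rows flip to EXECUTED; probes the browser offers as downloads stay "not executed".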