Execute JavaScript for XSS without script tags

Question

I am learning about XSS (for ethical purposes), and I was wondering how to execute some JavaScript code without using

Answer 1

Another one was mentioned at: https://stackoverflow.com/a/53430230/895245

asdf

Works on Chromium 81.

More important perhaps is the question of how to sanitize against it, see e.g.:

• How to prevent XSS with HTML/PHP?
• How to sanitize HTML code in Java to prevent XSS attacks?
• Is using jquery parseHTML to remove script tags enough to prevent XSS attacks?