Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
