Some event handlers do not appear in the OWASP list.
It is a touch event like ontouch*. It is a limited item on mobile devices, so it has a less effective effect than general purpose, but it is a good item to trigger XSS.
(In fact, sometimes I forgot this event handler. so i take a note!)
[ ontouchstart ]
Triggers when a finger touch the screen
[ ontouchend ]
Triggers when a finger is removed from touch screen
[ ontouchmove ]
When a finger is dragged across the screen.
|only mobile…, pc browser is not running code