What is a list of HTML elements that load external resources? (HTML email address)

I am looking for a list of elements that can load external resources if additional DOM manipulations via JavaScript are not allowed. I am trying to host emails from third parties using an HTML viewer and when that happens I need to remove all resources that are loaded automatically so that only the basic HTML is displayed, even if that makes the content incorrect.

So far, the list looks like this:

<img />
<embed />
<object />
<link />
<script />
<audio />
<video />
<style type="text/css">selector { property: uri('') }</style>

      

        
        
        
      

    

Are there any other elements or patterns I need to consider in order not to load third party resources. And, yes, I'm familiar with the sandbox attribute, but we also need support for older browsers.