A bug bounty tip suggests using HTML encoded backquote ` symbol to bypass XSS WAF restrictions in HTML events. The payload includes ` and ` to execute the alert function, as shown with alert`1` and alert`1`. Additionally, an example of injecting JavaScript code into an anchor tag is provided with <a href="javascript:PAYLOAD">go</a>. This technique can be used to evade WAF protections against XSS vulnerabilities.