The tweet describes a bypass for XSS WAF with limits using a payload 'parent[/al/.source+/ert/.source](1)'. This payload bypasses the 'alert' block without spaces and quotes. It provides an alternative payload without spaces, quotes, and + sign which is 'parent[/al/.source.concat(/ert/.source)](2).
Original tweet: https://twitter.com/therceman/status/1804101234569183300
Subscribe for the latest news: