The tweet mentions a WAF that filters all events starting with 'on'. An unconventional way to bypass this filter could be a payload that still starts with 'on' but includes additional characters or encoding that the filter does not recognize, so the WAF allows it through. If successful, this would defeat the WAF's protection mechanisms, which poses a security risk.
Check out the original tweet here: https://twitter.com/MatteoC68006921/status/1855544032405148101