This tweet suggests using the 'onwaiting' event to bypass a WAF with an attribute blocklist for XSS attacks. The event 'onwaiting' is considered obscure and may help in evading the WAF protections. Further analysis and testing are needed to confirm its effectiveness. It is recommended to update the XSS cheat sheet with this information and explore its potential impact on different WAF vendors.