The tweet mentions a WAF bypass XSS challenge from 2013 that included MentalJS and DOMPurify. It states that, a decade later, these can still be bypassed. It is important to note that WAF bypass vulnerabilities are still prevalent and can impact various vendors. The use of specific payloads like MentalJS and DOMPurify highlights the ongoing challenges in securing web applications against XSS attacks. This scenario emphasizes the need for continuous improvement in WAF technologies to address evolving threats and vulnerabilities.
Check out the original tweet here: https://twitter.com/ryancbarnett/status/1892566800908316701