When bypassing a WAF, trying different event handlers can be effective. In this case, attempting "ontest" can reveal if the WAF block starts with 'on'. If unsuccessful, further evasion techniques may be necessary.
For more insights, check out the original tweet here: https://twitter.com/_doesnotcompute/status/1907528172897185899. And don’t forget to follow @_doesnotcompute for more exciting updates in the world of cybersecurity.