This is a very old technique that I discovered years ago and used to bypass a filter, and it’s pretty awesome. It might come in handy to bypass a WAF or filter since it hasn’t been public until now. First you need to understand (which you probably do) that the window object is the default object in JavaScript, and every time you execute code it’s like you’ve run a with statement on the window if you’re not more specific. So stuff like onload is really window.onload and so on. Let’s see if you can guess what comes next…