XSS Challenge - Sh*t it's a WAF

Welcome to your profile page , can you spot the XSS and bypass the WAF ?

Update Your Profile:


Rules:
  1. The payload should be working on the latest version of modern browsers (FF44+, Chrome 48+, Edge)
  2. Mild user interaction is allowed (clicking, etc ..)
  3. Try to make a payload that bypass the XSS auditor in Chrome or Safari (if it’s possible)
Solvers: