More entity / bypass fun:

HTML has three kinds of character references (entities): named, decimal and hexadecimal. For example:

&sol; == "/"      (named)
&#97; == "a"      (decimal)
&#x25; == "%"     (hexadecimal)

The first trick is that you usually don't need the semicolon. If you write "It's like 33&#x25ish" it will still work and show "It's like 33%ish". The parser keeps eating digits until it hits a non-digit, so this works for numeric references as long as the next character is not a valid digit (with hex that includes a-f): "&#x25abc" is one reference, not "%abc". Named references are stricter: only a legacy subset (things like &amp, &lt, &copy) decodes without the semicolon, and inside an attribute value even those are left alone when the next character is a letter, digit or "=".

Another nice trick with numeric notation is that you can add an arbitrary number of zeros before the actual number, like so: &#x00000000000000061; still decodes to "a". The same goes for decimal (&#0000097;), and the "x" can also be upper case (&#X61;).

You can use and combine these when certain entities are blocked or when a filter regex doesn't take these tricks into account, e.g. one that only looks for the literal string &#x25; and so lets &#x25, &#37 or &#x0000025; straight through.
