Generate JS into only lowercase alphabet letters, parenthesis and dots.

js-lower-alpha-parent-dot.html

<style>
textarea {
	width: 100%;
	height: 30%;
}
</style>
<textarea id="input">alert('xss')</textarea>
<textarea id="output"></textarea>
<br>
<label>Length: </label><span id="numchars"></span>
<br>
<button onclick="convert()">Convert</button>
<button onclick="run()">Eval</button>
<script>
// '': escape().constructor()
// '': escape().match() // if used for split
const dic =  {
	// basic hex letters
	0: 'sub.length',
	1: 'eval.length',
	2: 'replace.length',
	3: 'sub.name.length',
	4: 'name.length',
	5: 'apply.name.length',
	6: 'escape.name.length',
	7: '(typeof(true)).length',
	8: 'unescape.name.length',
	9: 'length',
	a: 'escape(...apply.name)',
	b: 'escape(...bind.name)',
	c: 'escape(...call.name)',
	d: 'bind.name.slice(search(true))',
	e: 'escape(...name)',
	f: 'escape(...escape(eval))',

	// unescape everything in worst case
//	'%': 'escape(eval).split(match()).sort().shift()',
	'%': 'unescape(...escape(this))',

	// shortcut if useful
	27: 'sup().bold().length',
}

function convert() {
	const input = document.getElementById('input').value;
	let convert = [...input].map(e => ('00' + e.charCodeAt(0).toString(16)).substr(-2));
	let output = 'with(eval)with(escape())eval(unescape(match()';
	for (let c in convert) {
		if (convert[c] in dic) {
			output += '.concat('+dic[convert[c]]+')';
		} else {
			let [u,l] = convert[c];
			// check for explicit cast
			if (typeof (eval('with(eval)with(escape())'+dic[u])) === "string") {
				output += '.concat('+dic[u]+'.concat('+dic[l]+'))';
			} else {
				output += '.concat(escape('+dic[u]+').concat('+dic[l]+'))';
			}
		}
	}
	output += '.join('+dic['%']+')))';
	document.getElementById('output').value = output;
	document.getElementById('numchars').innerText = output.length;
}

function run() {
	eval(document.getElementById('output').value);
}
</script>