berkes · March 15, 2014 14:15
diff --git a/calc.rb b/calc.rb
 #!/usr/bin/env ruby

 require "sinatra"
 include Math

 # Anything but a space, number, .+-*/ or ^ is dissallowed
 WHITELIST = %r{[^ 0-9.+\-*\/\^]+}

 html = <<-EOT
 <html>
 <head>
  <style>
    #expression { width: 100%, font-size 3em; display: block; margin-bottom: 1em; }
  </style>
 </head>
 <body>
  <input id="expression" placeholder="1+2"/>
  <div id="result"><div>

  <script src="http://code.jquery.com/jquery-1.11.0.min.js"></script>
  <script>
  $('#expression').keyup(function(){
    $.get('/calc',{
      exp:$('#expression').val()
    }, function(r){
      $('#result').html(r);
    });
  });
  </script>
 </body></html>
 EOT

 get '/' do
  html
 end
 get '/calc' do
  begin
    eval(params['exp'].gsub(WHITELIST, '')).to_s
  rescue
    'Invalid expression'
  end
 end
	#!/usr/bin/env ruby

	require "sinatra"
	include Math

	# Anything but a space, number, .+-*/ or ^ is dissallowed
	WHITELIST = %r{[^ 0-9.+\-*\/\^]+}

	html = <<-EOT
	<html>
	<head>
	<style>
	#expression { width: 100%, font-size 3em; display: block; margin-bottom: 1em; }
	</style>
	</head>
	<body>
	<input id="expression" placeholder="1+2"/>
	<div id="result"><div>

	<script src="http://code.jquery.com/jquery-1.11.0.min.js"></script>
	<script>
	$('#expression').keyup(function(){
	$.get('/calc',{
	exp:$('#expression').val()
	}, function(r){
	$('#result').html(r);
	});
	});
	</script>
	</body></html>
	EOT

	get '/' do
	html
	end
	get '/calc' do
	begin
	eval(params['exp'].gsub(WHITELIST, '')).to_s
	rescue
	'Invalid expression'
	end
	end