Entering a mathematic expression, and then make the calculation of it?

Hey Folks,

I am looking for a way to entering a mathematical expression in apple scrip, and then make the exact calculation of it.

Lets say, I have 2 values (a=10 and b=20) and I would like to make the calculation of any function of (a, b) that the user of the script could enter. For example : a+b, ab, a/b, aa/b, (a+b)/(a-b)+1, etc … any function of (a,b) that the user can think of.

I guess that the idea of the script should look like this :

set function to text returned of (display dialog “Enter the expression of the function?” default answer “”) as string

set a to 10 as number
set b to 20 as number

– find a way to evaluate “function”

display dialog "The numerical value of the function is : " & function

Any hint would be very appreciated! :slight_smile:
Arnaud

You may try :

set theFunction to text returned of (display dialog "Enter a formula" default answer "(a+b)/(a-b)+1")

set theScript to "set a to 10 as number
set b to 20 as number
return " & theFunction

run script theScript

Yvan KOENIG (VALLAURIS, France) lundi 23 juin 2014 18:38:04

This is the AppleScript equivalent of running with scissors. It’s all fun and laughter until someone types ‘tell app “Finder” to delete files of home’ into the dialog box. Never directly execute code from untrusted sources. Always sanitize your inputs. (See also: SQL injection hacks, XSS attacks, and so on.)

If you want to do it quick-n-dirty, use regular expressions to ensure that the user input contains only “safe” characters, e.g. by trying to match the following pattern and error:

[^a-zA-Z0-9()\s.^*/+-]|[a-zA-Z]{2,}

That looks for anything that isn’t obviously a math-related symbol, or is a sequence of two or more letters (i.e. anything that might be a command or other keyword). If it finds a match, reject the string as “unsafe” and ask the user to try again. But rough and ready, obviously, and may not catch all naughtiness, so caveat emptor, etc.

The correct way would be to write your own math expression parser, which isn’t terribly difficult if you’ve reasonable programming skills (easiest way is just to find an existing implementation written in another language and port it over; I need to do one myself sometime), but if you don’t then it’s probably above your abilities and not an effective use of your time unless you’re interested in learning that sort of thing.

Alternatively, just find a math calculator and use it directly; e.g. try apropos calc, or install an existing Python/Ruby/etc library or CLI executable or whatever, and call it via do shell script.

You can add bc for calculating floating points to this list.

Yvan Koenig, hhas, DJ Bazzie Wazzie,

Thank you very much for your answers. That’s exactly what I was looking for. I will go-ahead and do what is proposed by Yvan, secured by hhas.

Thanks again (merci beaucoup! :wink: )

I don’t understand why you would need unix in this. AppleScript can handle the simple math functions.

That’s not the point. You’re asking the user for an mathematical expression to type and then eval that code. As hhas mentioned you’re vulnerable for injecting code. Maybe for own use in an harmless script it’s no problem, but the security leak is huge and should be mentioned.

I see, So, whenever you ask for user input, you should think about if the user can enter something for that will break your security. I never thought of that. I’ve always thought that you should make it secure at the beginning, but never thought that they could do something afterwards. I need to rethink all those programs with the passwords.

Interesting stuff. Don’t mind me I’m just rambling on.

gl,
kel

You know what? It all comes down to using the right tool for the job! What do you think?

gl,
kel