Is there a number field that supports calculation?

I’m looking for a number field (e.g. € amount) that supports entry (not display) of basic calculations like 12+4 or 12/4 or even 12+4/4. When leaving the field it does the calculation and displays/binds the result.
If not, any suggestions on how to implement such a field?

For the calculation you can use the Spring Expression Language Parser.

```java
ExpressionParser parser = new SpelExpressionParser();
Expression expression = parser.parseExpression("12/4");
```

And then you can add a ValueChangeListener to update the field value

or a BlurListener

That sounds like the perfect candidate for information disclosure problems :shushing_face:


Doesn’t the parser allow access to Java classes or other stuff?

Literal expressions
Boolean and relational operators
Regular expressions
Class expressions
Accessing properties, arrays, lists, and maps
Method invocation
Relational operators
Calling constructors
Bean references
Array construction
Inline lists
Inline maps
Ternary operator
User-defined functions
Collection projection
Collection selection
Templated expressions

Sounds like a lot of stuff I would not want to allow users to do on my system :sweat_smile:

That’s right!

It would make sense to sanitize the entered expression

I would disallow:

  • new

I would go with an allowlist like numbers, spaces and characters used for math

Allowlists are always better. Then you don’t accidentally forget to include some obscure vulnerability.

I implemented it in but not based on any framework (to reduce dependencies). Based the code on, but removed functions like sin, sqrt, …
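
The allowlist approach discussed in this thread, as an added example that is not part of any post and is not the code the last poster refers to: the input is checked against a character allowlist first and then evaluated by a small dependency-free recursive-descent parser for `+ - * /` and parentheses. The class name `SafeCalc` and method `evaluate` are hypothetical.

```java
import java.math.BigDecimal;
import java.math.MathContext;
import java.util.regex.Pattern;

public final class SafeCalc { // hypothetical name, not from the thread
    // Only digits, '.', + - * / ( ) and spaces; the length cap also bounds nesting depth.
    private static final Pattern ALLOWED = Pattern.compile("[0-9+\\-*/(). ]{1,64}");
    private final String s;
    private int pos;

    private SafeCalc(String s) { this.s = s; }

    public static BigDecimal evaluate(String input) {
        // No letters pass the allowlist, so "new", type references,
        // method calls and bean names cannot be expressed at all.
        if (input == null || !ALLOWED.matcher(input).matches())
            throw new IllegalArgumentException("unsupported characters or length");
        SafeCalc p = new SafeCalc(input);
        BigDecimal v = p.expr();
        if (p.peek() != '\0') throw new IllegalArgumentException("unexpected input at " + p.pos);
        return v;
    }
    private BigDecimal expr() {   // expr := term (('+' | '-') term)*
        BigDecimal v = term();
        while (peek() == '+' || peek() == '-')
            v = s.charAt(pos++) == '+' ? v.add(term()) : v.subtract(term());
        return v;
    }
    private BigDecimal term() {   // term := factor (('*' | '/') factor)*
        BigDecimal v = factor();
        while (peek() == '*' || peek() == '/')   // division by zero throws ArithmeticException
            v = s.charAt(pos++) == '*' ? v.multiply(factor())
                                       : v.divide(factor(), MathContext.DECIMAL64);
        return v;
    }
    private BigDecimal factor() { // factor := '-' factor | '(' expr ')' | number
        if (peek() == '-') { pos++; return factor().negate(); }
        if (peek() == '(') {
            pos++;
            BigDecimal v = expr();
            if (peek() != ')') throw new IllegalArgumentException("missing ')'");
            pos++;
            return v;
        }
        int start = pos;          // peek() above already skipped leading spaces
        while (pos < s.length() && (Character.isDigit(s.charAt(pos)) || s.charAt(pos) == '.')) pos++;
        try { return new BigDecimal(s.substring(start, pos)); }
        catch (NumberFormatException e) { throw new IllegalArgumentException("number expected at " + start); }
    }
    private char peek() {         // skips spaces; '\0' marks end of input
        while (pos < s.length() && s.charAt(pos) == ' ') pos++;
        return pos < s.length() ? s.charAt(pos) : '\0';
    }
}
```

`SafeCalc.evaluate("12+4/4")` returns 13; the listener that calls it should catch `IllegalArgumentException` and `ArithmeticException` and show a field validation error rather than binding a value.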