Instead of checking to see if the string contains a valid expression, it might be better to see if it is a valid expression:
whitelist = '^('+'|'.join(
# oprators, digits
['-', r'\+', '/', r'\\', r'\*', r'\^', r'\*\*', r'\(', r'\)', '\d+']
# functions of math module (ex. __xxx__)
+ [f for f in dir(math) if f[:2] != '__']) + ')*$'
The little "r"s are just to make the strings work more correctly, the "^...$" forces it to check the whole string, and the "(...)*" matches an arbitrary string of allowable tokens. Now re.match(whitelist, expr)actually does what was expected above.
Comment
Cool! Thanks!
Parent comment
Instead of checking to see if the string contains a valid expression, it might be better to see if it is a valid expression: whitelist = '^('+'|'.join( # oprators, digits ['-', r'\+', '/', r'\\', r'\*', r'\^', r'\*\*', r'\(', r'\)', '\d+'] # functions of math module (ex. __xxx__) + [f for f in dir(math) if f[:2] != '__']) + ')*$' The little "r"s are just to make the strings work more correctly, the "^...$" forces it to check the whole string, and the "(...)*" matches an arbitrary string of allowable tokens. Now re.match(whitelist, expr)actually does what was expected above.