I'm afraid I'm not near a dev pc, so I can't test the code, but here's what comes to mind:
You're not using the result of session.Execute(code);
, so if a user were to put in 3+3
, it would get executed, and the return value would be 6, but since it's not captured, it simply would go out of scope. If instead, you did object result = session.Execute(code);
, the output would be the integer 6; You could then call .ToString() on result
and put that in your text box.
And of course be careful allowing users to execute arbitrary code on your webserver...