Accidental code execution in ISE by pressing F1
Votes from Connect: 12
Original Date Submitted: 9/19/2012 5:52:24 AM
Site Name: PowerShell
Feedback ID: 763406
Frequency: Always Happens
Regression: No, this is new to the most recent version
When you press F1 in ISE 3.0, the word the cursor is in is used as a keyword, and ISE executes this code:
Get-Help "keyword" -ShowWindow
The problem here is the double quotes. The keyword should be placed into single quotes. With double quotes, unexpected behavior and accidental code execution are possible.
See details section below for steps to repro.
Product Studio item created by Connect Synchronizer due to creation of feedback ID 763406 (http://connect.microsoft.com/PowerShell/feedback/ViewFeedback.aspx?FeedbackID=763406).
Run this code in ISE:
$test = 'Get-Service'
Place the cursor anywhere into $test and press F1.
Help for Get-Service opens. There should have been help for variables instead or no help at all BUT NOT help based on the content of the variable.
Type this into ISE:
$test = '$(Restart-Computer -whatif)'
Select the text inside the quotes and press F1.
Help opens, and at the same time the selected code executes.
ISE should place the keyword into single quotes to ensure that it is taken literally and is neither converted nor used to invoke code execution.
Internal BugId: 3828
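The following is an added example, not part of the original report and not ISE's own code. It builds the Get-Help command text both ways for the two keywords from the repro steps and uses the PowerShell parser to show, without running anything, whether the argument would be expanded. New-HelpCommand and Test-HelpCommand are hypothetical helper names, the third keyword is a constructed sample, and CodeGeneration.EscapeSingleQuotedStringContent is assumed to be available (PowerShell 5.0 or later).

```powershell
# Added illustration. Only parses command text; nothing is executed.
function New-HelpCommand {
    param([string]$Keyword, [switch]$Literal)
    if ($Literal) {
        # Double any embedded single quotes so the keyword stays one literal string.
        $escaped = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Keyword)
        return "Get-Help '$escaped' -ShowWindow"
    }
    # The form described in the report: keyword dropped between double quotes.
    return "Get-Help `"$Keyword`" -ShowWindow"
}

function Test-HelpCommand {
    param([string]$CommandText)
    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($CommandText, [ref]$tokens, [ref]$errors)
    # First command in the text, then its first argument (the quoted keyword).
    $cmd = $ast.Find({ param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $false)
    $arg = $cmd.CommandElements[1]
    $expands = $arg -is [System.Management.Automation.Language.ExpandableStringExpressionAst]
    $nested = ''
    if ($expands) {
        # Variables and $( ) subexpressions PowerShell would evaluate at run time.
        $nested = ($arg.NestedExpressions | ForEach-Object { $_.Extent.Text }) -join ', '
    }
    [pscustomobject]@{
        Command     = $CommandText
        ArgumentAst = $arg.GetType().Name
        Expands     = $expands
        Evaluated   = $nested
    }
}

# Keywords from the repro steps, plus one constructed sample with an embedded quote.
$samples = '$test', '$(Restart-Computer -whatif)', "it's"
$report = foreach ($keyword in $samples) {
    Test-HelpCommand (New-HelpCommand $keyword)
    Test-HelpCommand (New-HelpCommand $keyword -Literal)
}
$report | Format-Table -AutoSize -Wrap
```

For the double-quoted form, the first two keywords parse as an ExpandableStringExpressionAst with the variable or subexpression listed under Evaluated; every single-quoted form parses as a StringConstantExpressionAst.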