Skip to content

Commit a93c07c

Browse files
committed
Ad note about trusting ApplicationArguments data
1 parent 75aaa48 commit a93c07c

File tree

8 files changed

+60
-18
lines changed

8 files changed

+60
-18
lines changed

reference/5.1/Microsoft.PowerShell.Core/About/about_Automatic_Variables.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description: Describes variables that store state information for PowerShell. These variables are created and maintained by PowerShell.
33
Locale: en-US
4-
ms.date: 01/18/2026
4+
ms.date: 02/10/2026
55
no-loc: [Reset, Current, Background, Blink, Bold, Foreground, Formatting, Hidden, Italic, Reset, Reverse, Underline, PSEventArgs, PSEventSubscriber, PSEdition]
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-5.1&WT.mc_id=ps-gethelp
77
schema: 2.0.0
@@ -583,6 +583,12 @@ from the originating session. To add data to the **ApplicationArguments**
583583
property, use the **ApplicationArguments** parameter of the
584584
`New-PSSessionOption` cmdlet.
585585

586+
> [!IMPORTANT]
587+
> Since this property contains data explicitly provided by the client, using
588+
> this for security decisions could allow attackers to bypass authorization
589+
> controls. Never use this data for trust decisions. Validate all user input
590+
> when used for other application logic.
591+
586592
### `$PSUICulture`
587593

588594
Contains the name of the user interface (UI) culture that's configured in the

reference/5.1/Microsoft.PowerShell.Core/New-PSSessionOption.md

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
external help file: System.Management.Automation.dll-Help.xml
33
Locale: en-US
44
Module Name: Microsoft.PowerShell.Core
5-
ms.date: 12/09/2022
5+
ms.date: 02/10/2026
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/new-pssessionoption?view=powershell-5.1&WT.mc_id=ps-gethelp
77
schema: 2.0.0
88
title: New-PSSessionOption
@@ -267,11 +267,16 @@ The final `Invoke-Command` shows how the data might be used.
267267

268268
### -ApplicationArguments
269269

270-
Specifies a **PrimitiveDictionary** that is sent to the remote session. Commands and scripts in the
270+
Specifies a **PrimitiveDictionary** that's sent to the remote session. Commands and scripts in the
271271
remote session, including startup scripts in the session configuration, can find this dictionary in
272272
the **ApplicationArguments** property of the `$PSSenderInfo` automatic variable. You can use this
273273
parameter to send data to the remote session.
274274

275+
> [!IMPORTANT]
276+
> Since this property contains data explicitly provided by the client, using this for security
277+
> decisions could allow attackers to bypass authorization controls. Never use this data for trust
278+
> decisions. Validate all user input when used for other application logic.
279+
275280
For more information, see [about_Hash_Tables](about/about_Hash_Tables.md),
276281
[about_Session_Configurations](About/about_Session_Configurations.md), and
277282
[about_Automatic_Variables](about/about_Automatic_Variables.md).

reference/7.4/Microsoft.PowerShell.Core/About/about_Automatic_Variables.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description: Describes variables that store state information for PowerShell. These variables are created and maintained by PowerShell.
33
Locale: en-US
4-
ms.date: 01/18/2026
4+
ms.date: 02/10/2026
55
no-loc: [Reset, Current, Background, Blink, Bold, Foreground, Formatting, Hidden, Italic, Reset, Reverse, Underline, PSEventArgs, PSEventSubscriber, PSEdition]
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-5.1&WT.mc_id=ps-gethelp
77
schema: 2.0.0
@@ -619,6 +619,12 @@ from the originating session. To add data to the **ApplicationArguments**
619619
property, use the **ApplicationArguments** parameter of the
620620
`New-PSSessionOption` cmdlet.
621621

622+
> [!IMPORTANT]
623+
> Since this property contains data explicitly provided by the client, using
624+
> this for security decisions could allow attackers to bypass authorization
625+
> controls. Never use this data for trust decisions. Validate all user input
626+
> when used for other application logic.
627+
622628
### `$PSUICulture`
623629

624630
Contains the name of the user interface (UI) culture that's configured in the
@@ -1155,5 +1161,3 @@ Default (Current): End
11551161
[76]: xref:System.Collections.IEnumerator.MoveNext
11561162
[77]: xref:System.Collections.IEnumerator.Reset
11571163

1158-
1159-

reference/7.4/Microsoft.PowerShell.Core/New-PSSessionOption.md

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
external help file: System.Management.Automation.dll-Help.xml
33
Locale: en-US
44
Module Name: Microsoft.PowerShell.Core
5-
ms.date: 12/09/2022
5+
ms.date: 02/10/2026
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/new-pssessionoption?view=powershell-7.4&WT.mc_id=ps-gethelp
77
schema: 2.0.0
88
title: New-PSSessionOption
@@ -267,14 +267,19 @@ The final `Invoke-Command` shows how the data might be used.
267267

268268
### -ApplicationArguments
269269

270-
Specifies a **PrimitiveDictionary** that is sent to the remote session. Commands and scripts in the
270+
Specifies a **PrimitiveDictionary** that's sent to the remote session. Commands and scripts in the
271271
remote session, including startup scripts in the session configuration, can find this dictionary in
272272
the **ApplicationArguments** property of the `$PSSenderInfo` automatic variable. You can use this
273273
parameter to send data to the remote session.
274274

275-
For more information, see [about_Hash_Tables](about/about_Hash_Tables.md),
275+
> [!IMPORTANT]
276+
> Since this property contains data explicitly provided by the client, using this for security
277+
> decisions could allow attackers to bypass authorization controls. Never use this data for trust
278+
> decisions. Validate all user input when used for other application logic.
279+
280+
For more information, see [about_Hash_Tables](About/about_Hash_Tables.md),
276281
[about_Session_Configurations](About/about_Session_Configurations.md), and
277-
[about_Automatic_Variables](about/about_Automatic_Variables.md).
282+
[about_Automatic_Variables](About/about_Automatic_Variables.md).
278283

279284
```yaml
280285
Type: System.Management.Automation.PSPrimitiveDictionary

reference/7.5/Microsoft.PowerShell.Core/About/about_Automatic_Variables.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description: Describes variables that store state information for PowerShell. These variables are created and maintained by PowerShell.
33
Locale: en-US
4-
ms.date: 01/18/2026
4+
ms.date: 02/10/2026
55
no-loc: [Reset, Current, Background, Blink, Bold, Foreground, Formatting, Hidden, Italic, Reset, Reverse, Underline, PSEventArgs, PSEventSubscriber, PSEdition]
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-7.5&WT.mc_id=ps-gethelp
77
schema: 2.0.0
@@ -619,6 +619,12 @@ from the originating session. To add data to the **ApplicationArguments**
619619
property, use the **ApplicationArguments** parameter of the
620620
`New-PSSessionOption` cmdlet.
621621

622+
> [!IMPORTANT]
623+
> Since this property contains data explicitly provided by the client, using
624+
> this for security decisions could allow attackers to bypass authorization
625+
> controls. Never use this data for trust decisions. Validate all user input
626+
> when used for other application logic.
627+
622628
### `$PSUICulture`
623629

624630
Contains the name of the user interface (UI) culture that's configured in the

reference/7.5/Microsoft.PowerShell.Core/New-PSSessionOption.md

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
external help file: System.Management.Automation.dll-Help.xml
33
Locale: en-US
44
Module Name: Microsoft.PowerShell.Core
5-
ms.date: 12/09/2022
5+
ms.date: 02/10/2026
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/new-pssessionoption?view=powershell-7.5&WT.mc_id=ps-gethelp
77
schema: 2.0.0
88
title: New-PSSessionOption
@@ -267,11 +267,16 @@ The final `Invoke-Command` shows how the data might be used.
267267

268268
### -ApplicationArguments
269269

270-
Specifies a **PrimitiveDictionary** that is sent to the remote session. Commands and scripts in the
270+
Specifies a **PrimitiveDictionary** that's sent to the remote session. Commands and scripts in the
271271
remote session, including startup scripts in the session configuration, can find this dictionary in
272272
the **ApplicationArguments** property of the `$PSSenderInfo` automatic variable. You can use this
273273
parameter to send data to the remote session.
274274

275+
> [!IMPORTANT]
276+
> Since this property contains data explicitly provided by the client, using this for security
277+
> decisions could allow attackers to bypass authorization controls. Never use this data for trust
278+
> decisions. Validate all user input when used for other application logic.
279+
275280
For more information, see [about_Hash_Tables](About/about_Hash_Tables.md),
276281
[about_Session_Configurations](About/about_Session_Configurations.md), and
277282
[about_Automatic_Variables](About/about_Automatic_Variables.md).

reference/7.6/Microsoft.PowerShell.Core/About/about_Automatic_Variables.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description: Describes variables that store state information for PowerShell. These variables are created and maintained by PowerShell.
33
Locale: en-US
4-
ms.date: 01/18/2026
4+
ms.date: 02/10/2026
55
no-loc: [Reset, Current, Background, Blink, Bold, Foreground, Formatting, Hidden, Italic, Reset, Reverse, Underline, PSEventArgs, PSEventSubscriber, PSEdition]
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-7.6&WT.mc_id=ps-gethelp
77
schema: 2.0.0
@@ -619,6 +619,12 @@ from the originating session. To add data to the **ApplicationArguments**
619619
property, use the **ApplicationArguments** parameter of the
620620
`New-PSSessionOption` cmdlet.
621621

622+
> [!IMPORTANT]
623+
> Since this property contains data explicitly provided by the client, using
624+
> this for security decisions could allow attackers to bypass authorization
625+
> controls. Never use this data for trust decisions. Validate all user input
626+
> when used for other application logic.
627+
622628
### `$PSUICulture`
623629

624630
Contains the name of the user interface (UI) culture that's configured in the

reference/7.6/Microsoft.PowerShell.Core/New-PSSessionOption.md

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
external help file: System.Management.Automation.dll-Help.xml
33
Locale: en-US
44
Module Name: Microsoft.PowerShell.Core
5-
ms.date: 12/09/2022
5+
ms.date: 02/10/2026
66
online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/new-pssessionoption?view=powershell-7.6&WT.mc_id=ps-gethelp
77
schema: 2.0.0
88
title: New-PSSessionOption
@@ -267,14 +267,19 @@ The final `Invoke-Command` shows how the data might be used.
267267

268268
### -ApplicationArguments
269269

270-
Specifies a **PrimitiveDictionary** that is sent to the remote session. Commands and scripts in the
270+
Specifies a **PrimitiveDictionary** that's sent to the remote session. Commands and scripts in the
271271
remote session, including startup scripts in the session configuration, can find this dictionary in
272272
the **ApplicationArguments** property of the `$PSSenderInfo` automatic variable. You can use this
273273
parameter to send data to the remote session.
274274

275-
For more information, see [about_Hash_Tables](about/about_Hash_Tables.md),
275+
> [!IMPORTANT]
276+
> Since this property contains data explicitly provided by the client, using this for security
277+
> decisions could allow attackers to bypass authorization controls. Never use this data for trust
278+
> decisions. Validate all user input when used for other application logic.
279+
280+
For more information, see [about_Hash_Tables](About/about_Hash_Tables.md),
276281
[about_Session_Configurations](About/about_Session_Configurations.md), and
277-
[about_Automatic_Variables](about/about_Automatic_Variables.md).
282+
[about_Automatic_Variables](About/about_Automatic_Variables.md).
278283

279284
```yaml
280285
Type: System.Management.Automation.PSPrimitiveDictionary

0 commit comments

Comments
 (0)