Safe way to convert string literal without using Invoke-Expression

Asked Oct 27 '15 at 03:02

Active Oct 27 '15 at 03:02

Viewed 52 times

Is it possible to parse a string literal that contains an environmental variable without using Invoke-Expression? The string contents come from an external settings file and I want to minimize the possibility of an injection attack.

$string= '${env:USERPROFILE}\sub-directory'
# desired result: C:\Users\Name\sub-directory

Invoke-Expression ("Convert-Path " + $string) -OutVariable parsedString

asked Oct 27 '15 at 03:02

James Dudley

@Matt $ExecutionContext.InvokeCommand.ExpandString($string) is exactly what I was looking for - many thanks! – James Dudley Oct 27 '15 at 03:12
No problem. It is the one I use much of the time. – Matt Oct 27 '15 at 03:12

Safe way to convert string literal without using Invoke-Expression

0 Answers0