diff --git a/src/rezplugins/shell/_utils/powershell_base.py b/src/rezplugins/shell/_utils/powershell_base.py index 18759d102..96f4241aa 100644 --- a/src/rezplugins/shell/_utils/powershell_base.py +++ b/src/rezplugins/shell/_utils/powershell_base.py @@ -202,6 +202,12 @@ def _record_shell(ex, files, bind_rez=True, print_msg=False): # Suppresses copyright message of PowerShell and pwsh cmd += ["-NoLogo"] + # Powershell execution policy overrides + # Prevent injections/mistakes by ensuring policy value only contains letters. + execution_policy = self.settings.execution_policy + if execution_policy and execution_policy.isalpha(): + cmd += ["-ExecutionPolicy", execution_policy] + # Generic form of sourcing that works in powershell and pwsh cmd += ["-File", target_file] diff --git a/src/rezplugins/shell/rezconfig b/src/rezplugins/shell/rezconfig index c8d509fac..392a8b655 100644 --- a/src/rezplugins/shell/rezconfig +++ b/src/rezplugins/shell/rezconfig @@ -27,11 +27,13 @@ powershell: prompt: '> $ ' additional_pathext: ['.PY'] executable_fullpath: null + execution_policy: null pwsh: prompt: '> $ ' additional_pathext: ['.PY'] executable_fullpath: null + execution_policy: null gitbash: prompt: '>'