This update has the ability to impact your PowerShell automation by adding a manual prompt.
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): On patched systems (Windows PowerShell 5.1 after applying the update), running Invoke-WebRequest without the -UseBasicParsing parameter on an HTML page will trigger an interactive security confirmation prompt warning about potential script execution risk from web content.
# Sample script to test the new Invoke-WebRequest security prompt
# Run this in Windows PowerShell (powershell.exe), not PowerShell 7 (pwsh.exe)
Write-Host "Testing Invoke-WebRequest WITHOUT -UseBasicParsing (should prompt on patched systems):" -ForegroundColor Yellow
# This will attempt full DOM parsing (using legacy IE engine)
# On patched systems: Expect a security warning prompt asking to continue or cancel
# Recommended action in prompt: Use -UseBasicParsing
Invoke-WebRequest -Uri "https://www.devopsunleashed.com"
Write-Host "`nTesting Invoke-WebRequest WITH -UseBasicParsing (no prompt expected):" -ForegroundColor Green
# This uses basic parsing (safe, no script execution risk)
# No prompt should appear, even on patched systems
Invoke-WebRequest -Uri "https://www.devopsunleashed.com" -UseBasicParsing
Write-Host "`nTest complete." -ForegroundColor Cyan
Write-Host "Note: The 'curl' command in PowerShell is an alias for Invoke-WebRequest, so it behaves the same way."The solution is to use the “UseBasicParsing” option if you are using PS 5.1. Beginning with PowerShell 6, all Web requests use basic parsing by default.
DevOps Unleashed 
Leave a comment