Siteminder's POST preservation functionality allows a user's POST data to be stored in case they are redirected for authentication in response to a POST request. This is done by placing the POST data into a variable called SmPostPreserve. Is this SmPostPreserve value encoded or encrypted, and if so, will the value ever contain the following characters?
The SmPostPreserve value is both encrypted and Base64 encoded. As the Base64 chars only include ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=, the XSS characters listed in the question (<,>,&,',") would never be part of the SmPostPreserve value.