Siteminder's POST preservation functionality allows a user's POST data to be stored in case they are redirected for authentication in response to a POST request. This is done by placing the POST data into a variable called SmPostPreserve. Is this SmPostPreserve value encoded or encrypted, and if so, will the value ever contain the following characters?
<,>,&,',"
The SmPostPreserve value is both encrypted and Base64 encoded. As the Base64 chars only include ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=, the XSS characters listed in the question (<,>,&,',") would never be part of the SmPostPreserve value.