How to check for XSS which is in base64 encoded format

We have a requirement to check if the payload attribute is an XSS attack (e.g. <script>alert('XSS')</script>, which in base64 format will be 'PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='). The attribute content is in base64 format. We want to check for HTTP special characters and, if they are present, discard the attribute content. Can someone please help?


I suppose you will need to base64 decode the content, and THEN check it against a regex.

The attached proxy shows how you could do that.

Basically you can use an AssignMessage to decode it, and then just use your normal regex policy on the variable. Like this:

<AssignMessage name='AM-Decode'>

And then

<RegularExpressionProtection name="RegularExpressionProtection-1">
  <Variable name="decoded_content">
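
The decode-then-check flow described in the answer above, written as a stand-alone Node.js function. This is an added example, not part of the original answer or the attached proxy; the function names and the set of rejected characters are assumptions.

```javascript
// Added example (stand-alone Node.js, not Apigee policy configuration).
// Canonical base64: full 4-char groups, padding only at the very end.
const B64_STRICT = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
// Assumed set of HTML special characters to reject; adjust to your policy.
const HTML_SPECIAL = /[<>&"'`]/;

// Returns the decoded text, or null if the input is not clean base64/UTF-8.
function decodeStrict(b64) {
  if (typeof b64 !== 'string' || b64.length === 0) return null;
  // Accept the URL-safe alphabet and missing padding by normalising first.
  let s = b64.replace(/-/g, '+').replace(/_/g, '/');
  if (s.length % 4 === 1) return null;            // impossible base64 length
  s += '='.repeat((4 - (s.length % 4)) % 4);
  // Buffer.from() silently skips invalid characters, so validate up front.
  if (!B64_STRICT.test(s)) return null;
  try {
    // fatal:true rejects byte sequences that are not valid UTF-8.
    return new TextDecoder('utf-8', { fatal: true }).decode(Buffer.from(s, 'base64'));
  } catch (err) {
    return null;
  }
}

// Decide whether to keep or discard the attribute. Fails closed: anything
// that cannot be decoded is discarded rather than passed through unchecked.
function checkAttribute(b64) {
  const text = decodeStrict(b64);
  if (text === null) return { allow: false, reason: 'undecodable' };
  if (HTML_SPECIAL.test(text)) return { allow: false, reason: 'html-special-char' };
  return { allow: true, reason: 'clean' };
}

// Constructed sample inputs (the first is the value from the question).
const samples = [
  'PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=', // <script>alert('XSS')</script>
  'PHNjcmlwdD4',                              // "<script>", padding stripped
  'aGVsbG8gd29ybGQ=',                         // "hello world"
  'not base64!!',                             // not base64 at all
  '/w==',                                     // byte 0xFF, invalid UTF-8
];
for (const s of samples) {
  console.log(s, '->', JSON.stringify(checkAttribute(s)));
}
```
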