Validation is more than a regular expression
A useful validator checks the alphabet, padding position, padding count, and the number of data characters left in the final group. Alphanumeric-only values are ambiguous because they fit both the standard and URL-safe alphabets; the tool reports that ambiguity instead of inventing a variant.
Whitespace is counted separately because MIME-style wrapped Base64 may contain line breaks while strict application formats may reject them. Illegal characters are reported with zero-based positions so the broken part can be traced back to a copied header, JSON field, or transport layer.
Valid Base64 is not proof of valid content
Many ordinary words contain only Base64 alphabet characters. A string can therefore be structurally valid and still be plain text, the wrong payload, corrupted binary, or bytes that are not UTF-8. Validation answers whether the representation is decodable, not whether the decoded data is trustworthy.
RFC 4648 says general decoders should reject characters outside the selected alphabet unless another specification explicitly allows them. Do not remove arbitrary characters merely to force a green result.
Common failures this tool explains
- An equals sign appears before the final character group.
- More than two padding characters are present.
- The unpadded data length modulo four is 1, which cannot encode complete bytes.
- Standard and URL-safe symbols occur in the same value.
- A copied value contains punctuation that is not part of either Base64 alphabet.
Equivalent commands
Use the runtime or shell already available in your workflow. Validate untrusted input and keep binary output out of terminals when it may contain control bytes.
Python
import base64, binascii
try:
decoded = base64.b64decode(value, validate=True)
except binascii.Error as error:
print(error)
JavaScript
const clean = value.replace(/\s/g, '');
const strict = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
console.log(strict.test(clean));
Shell
if printf '%s' "$VALUE" | base64 --decode >/dev/null; then echo valid; else echo invalid; fi