internal static bool IsInvalidString (string val, out int validationFailureIndex)
{
validationFailureIndex = 0;
int len = val.Length;
if (len < 2)
return false;
char current = val [0];
for (int idx = 1; idx < len; idx++) {
char next = val [idx];
// See http://secunia.com/advisories/14325
if (current == '<' || current == '\xff1c') {
if (next == '!' || next < ' '
|| (next >= 'a' && next <= 'z')
|| (next >= 'A' && next <= 'Z')) {
validationFailureIndex = idx - 1;
return true;
}
} else if (current == '&' && next == '#') {
validationFailureIndex = idx - 1;
return true;
}
current = next;
}
return false;
}