I'm using WEB API 2. Whenever somebody tries to insert the script into my API, I want to throw 404 or 400 error with a custom message, and not 500 error.
This is different from SO question - Getting "A potentially dangerous Request.Path value was detected from the client (&)" because I don't want to allow, but throw custom errors.
Basically, I want to just return if the script is detected, without executing any controllers, if possible.