I'm using WEB API 2. Whenever somebody tries to insert the script into my API, I want to throw 404 or 400 error with a custom message, and not 500 error.
This is different from SO question - Getting "A potentially dangerous Request.Path value was detected from the client (&)" because I don't want to allow, but throw custom errors.
Basically, I want to just return if the script is detected, without executing any controllers, if possible.
Could you please provide some clarity on why you want to do this?
I would recommend that you look at the global.asax event Application_BeginRequest() and check the unvalidated properties in a custom method here. That will ensure you dont need to completely disable the validation and leave yourself vulnerable?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.