I think I would handle this via field validation with a suitable fail message rather than a script trigger. Validation rules apply to the field wherever it appears, whereas script triggers only apply to any specific field instance where they have been applied and, as you've found, how/when they fire can be an issue.
Yes, best to do it via field validation.
The "Validated by calculation" option allows to write code that evaluates either to false or empty = Fail or true = Valid.
I think in your case the Validation option must be set to "Always". And as keywords pointed out, a message can be added to the validation at field level.
I sometimes build a backdoor in the calculation for account with Admin privilege so the data can be corrected if need be.
Depending on how critical the fields are of course.
The only thing that is nasty is the "Revert record" Dialog. I wish FMI gave an option to silence that also at field level.
Beware that the average user is reluctant to press a button that says Revert (in some languages the wording is even more threatening) and keeps pressing Cancel until they reach for the task manager to kill the whole program.
For that reason I avoid field validation where possible and set a colored message in a global field when a warning needs to be given to the user and all potential problems are dealt with by the script.