Vulnerability in EPiServer.Forms
In my case, I need to create new event page with form for user can register and editor can edit register information like status (Ex: from "New" to "Confirmed"). I use xform for register form. There is a "View form data" in edit mode allow editor can view register information and support some function like export, delete, filter by date but I don't know how to edit register information, adding some filter functions (Ex: filter by name) or sorting. I hope someone can help me this issue.
The "View form data" is rendered by the EPiServer.Web.WebControls.XFormPostings web control so I don't think there's an easy way of customizing this. Perhaps you can add a control adapter class inheriting from System.Web.UI.Adapters.ControlAdapter and do some customization in there. You can take control of the entire rendering through an adapter. See this article for more information: http://weblogs.asp.net/ricardoperes/asp-net-web-forms-extensibility-control-adapters. Another approach is to create your own dojo/dijit property or component from scratch and hide the built-in functionality but it can easily get pretty advanced.
In the past I developed a similar solution as you with registrations for events stored as XForm data. I created a login protected area for editors/admins to view/update/export the data. If I would do it today I would probably use Entity Framework, Dynamic Data Store or something similar to store the data as it is easier to work with as a developer.
Thank for your response. I know it is not easy to rewrite built-in view data grid. I think another easier solution, write a sub page with grid on UI and only viewed in EditMode or after editor login to display information from xform.