Vulnerability in EPiServer.Forms
I've built a bunch of custom epiforms elements and I'd like to display only these elements when the user presses "create new form element". The standard functionality always shows the "standard elements" as well, not only my custom ones. I dont want my users to be able to access these, so im looking for a way to hide them.
I'm sure you could do it at runtime for the FormContainer type by following something like
Most likely an easier way is to go to admin view => content type tab. Select the form element that you don't want to be available for editors, click 'settings' on the content type and un-check 'Available in edit view', Save.
Propably you could create an initialization module to do this from code.
Please see my answer on this post https://world.episerver.com/forum/developer-forum/episerver-forms/thread-container/2018/7/hiding-standard-formcontainerblock/
Basically, you can override ListAvailable method of DefaultContentTypeAvailablilityService to filter out the elements.
Awesome, thanks a bunch!
Shameless own blog post boost: How to hide content types from editors in Episerver which you don’t own
I would say that the initialization module and setting the content type availability for editors is still simpler and safer solution as you don't need to inherit the DefaultContentTypeAvailablilityService which is in internal namespace (and could change without any notice), used in Trans solution.
You could also remove create access rights (in admin view or in intialization module) to the content and it should hide it also from editors.