This Drupal 8 module allows to restrict text formats on fields.

Here are some common settings for HTMLawed that can be used as a more lenient 'filtered html' format for trusted editors that need a simple WYSIWYG. This configuration allows images, which can be a security risk. If you don't understand the risk, then leave Drupal's defaults the way they are and perhaps try to work with the Full HTML format or use CSS classes and stylesheets.

The htmLawed module enables the use of the htmLawed(X)HTML filter/purifier with text/input formats.

This module lets you use very fine grained html filtering.

See /docs/common-htmlawed-settings for common settings.

Rabbit Hole is a module that adds the ability to control what should happen when an entity is being viewed at its own page.

Also see Internal Nodes

Node access is only enforced when the views base table is {node}. This is an example of listing field collections and joining the node access table.

"Some content/nodes should never be viewed directly; only visible be through something else such as Views or Panels. This module denies access to node/[nid] URLs while allowing the content to stay published and otherwise viewable."

Also see Rabbit Hole

https