CMSParagraphComponent does not render HTML tag attributes after 2105 Upgrade


After upgrading to SAP Commerce 2105 Patch 13 from 1811, components with type CMSParagraphComponent do not have img and span HTML tags or HTML tag attributes like class and style.

Before the upgrade, the HTML was displayed in the page as follows:

<div class="content">
    <div class="size-guide__area active" data-js="size-guide-area">
        <div>
            <div class="size-guide__close" data-js="size-guide-close">
                My text
                <span class="icon-close-circle"></span>
            </div>
        </div>
    </div>
</div>

My component is covered with <true class="yCmsComponent"></true> after the upgrade somehow.

After the upgrade, the HTML is displayed as follows:

<true class="yCmsComponent">
    <div class="content">
        <div>
            <div>
                <div>
                    My Text
                </div>
            </div>
        </div>
    </div>
</true>

ImpEx:

INSERT_UPDATE CMSParagraphComponent;$contentCV[unique=true];uid[unique=true];name;&componentRef;content[lang=$lang];
;;chartParagraph;Chart Paragraph;chartParagraph;"<div class='size-guide__area' data-js='size-guide-area'>
                                <div>
                                    <div class='size-guide__close' data-js='size-guide-close'>
                                        My text
                                        <span class='icon-close-circle'></span>
                                    </div>

Usage in the tag file:

<cms:component uid="chartParagraph" evaluateRestriction="false"/>

Solution

  • The CMSParagraphComponentRenderer class sanitizes HTML. The rules are defined in the HtmlSanitizerPolicyProvider class. It checks a property before sanitizing. I solved the issue by changing the property in the storefront extension. You may customize the HtmlSanitizerPolicyProvider class to have a safer solution. Changing the following property may cause an issue; it is not the safest solution.

    In the project.properties file of the storefront extension, add the following property.

    cms.components.allowUnsafeJavaScript=true
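
The answer above mentions customizing the sanitizer policy as the safer route. The following is an added sketch of such an allowlist policy, not code from the answer or from SAP Commerce: it assumes the OWASP Java HTML Sanitizer library (org.owasp.html) is on the classpath, the class name ParagraphAllowlistPolicy is hypothetical, and how the policy is wired into the paragraph renderer is project-specific and not shown.

```java
import java.util.regex.Pattern;

import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Hypothetical class (not part of SAP Commerce): keeps the markup the
// question needs (div/span/img, class, data-js) while scripts and
// event-handler attributes stay stripped.
public final class ParagraphAllowlistPolicy {

    // Attribute values limited to plain tokens: letters, digits, '_', '-', spaces.
    private static final Pattern SAFE_TOKEN =
            Pattern.compile("[A-Za-z0-9_\\- ]{1,128}");

    public static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("div", "span", "p", "img")
            .allowAttributes("class").matching(SAFE_TOKEN).globally()
            .allowAttributes("data-js").matching(SAFE_TOKEN).onElements("div", "span")
            .allowAttributes("src", "alt").onElements("img")
            // Only https (and relative) URLs survive in img src.
            .allowUrlProtocols("https")
            // Inline style is deliberately not allowed; allowStyling() would
            // enable a filtered subset of CSS if the content needs it.
            .toFactory();

    private ParagraphAllowlistPolicy() {
    }

    public static String sanitize(final String html) {
        return html == null ? "" : POLICY.sanitize(html);
    }

    public static void main(final String[] args) {
        // Constructed input: the question's markup plus content that must be removed.
        final String input =
                "<div class='size-guide__area' data-js='size-guide-area'>"
              + "<div class='size-guide__close' data-js='size-guide-close' onclick='x()'>"
              + "My text<span class='icon-close-circle'></span></div>"
              + "<script>alert(1)</script>"
              + "<img src='javascript:alert(1)' alt='chart'>"
              + "</div>";
        System.out.println(sanitize(input));
    }
}
```

With a policy like this, cms.components.allowUnsafeJavaScript can stay at its default, so content entered by CMS editors is still sanitized before it reaches the storefront.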