FIX: remove dangerous support for style/background attributes in polls

plugins/poll/assets/javascripts/components/poll-option.js.es6

@@ -1,6 +1,6 @@
 export default Em.Component.extend({
   tagName: "li",
-  attributeBindings: ["data-poll-option-id", "data-poll-selected", "style"],
+  attributeBindings: ["data-poll-option-id", "data-poll-selected"],
 
   "data-poll-option-id": Em.computed.alias("option.id"),
 
@@ -8,14 +8,6 @@ export default Em.Component.extend({
     return this.get("option.selected") ? "selected" : false;
   }.property("option.selected"),
 
-  style: function() {
-    var styles = [];
-    if (this.get("color")) { styles.push("color:" + this.get("color")); }
-    if (this.get("background")) { styles.push("background:" + this.get("background")); }
-
-    return (styles.length > 0 ? styles.join(";") : '').htmlSafe();
-  }.property("color", "background"),
-
   render(buffer) {
     buffer.push(this.get("option.html"));
   },

plugins/poll/assets/javascripts/components/poll-results-standard.js.es6

@@ -3,19 +3,14 @@ export default Em.Component.extend({
   classNames: ["results"],
 
   options: function() {
-    const voters = this.get("poll.voters"),
-          backgroundColor = this.get("poll.background");
+    const voters = this.get("poll.voters");
 
     this.get("poll.options").forEach(option => {
-      const percentage = voters === 0 ? 0 : Math.floor(100 * option.get("votes") / voters),
-            styles = ["width: " + percentage + "%"];
-
-      if (backgroundColor) { styles.push("background: " + backgroundColor); }
+      const percentage = voters === 0 ? 0 : Math.floor(100 * option.get("votes") / voters);
 
       option.setProperties({
         percentage,
-        title: I18n.t("poll.option_title", { count: option.get("votes") }),
-        style: styles.join(";").htmlSafe()
+        title: I18n.t("poll.option_title", { count: option.get("votes") })
       });
     });