From c03e297734f58f08a8e01e491f451a29fcafaa41 Mon Sep 17 00:00:00 2001
From: Richard Viney
Date: Mon, 10 Sep 2018 13:28:02 +1200
Subject: [PATCH] FIX - Incomplete use of htmlSafe() on Cell.style

Seeing large numbers of these warnings: `Binding style attributes may introduce cross-site scripting vulnerabilities ...` on Ember 3.3.2. The empty string being returned when there is no `columnWidth` needed to be wrapped in `htmlSafe()` or changed to `null`. Also I think the `htmlSafe()` call needs to wrap the entire `width: ...` style.
---
 addon/components/cells/base.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/addon/components/cells/base.js b/addon/components/cells/base.js
index 294347f7..f245c805 100644
--- a/addon/components/cells/base.js
+++ b/addon/components/cells/base.js
@@ -35,7 +35,7 @@ const Cell = Component.extend({
 // For performance reasons, it's more interesting to bypass cssStyleify
 // since it leads to a lot of garbage collections
 // when displaying many cells
- return columnWidth ? `width: ${htmlSafe(columnWidth)};` : '';
+ return columnWidth ? htmlSafe(`width: ${columnWidth};`) : null;
 }),
 align: computed('column.align', function() {
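Review bot: The added `htmlSafe(...)` call on the `+` line marks the entire `width: ...;` string as safe without validating `columnWidth`, so whatever value reaches this computed is written into the `style` attribute as-is; the old line had the same exposure, but it at least triggered the Ember warning that flagged the binding as unvalidated, and this change silences that warning without adding a check. If `columnWidth` is only ever developer-configured column metadata that is acceptable, but its origin is not visible in this hunk, so the safer form is to allow-list the value before trusting it, e.g. `if (!/^[\d.]+(px|%|em|rem|vw)?$/.test(String(columnWidth))) { return null; }` placed ahead of the `htmlSafe` call, with the pattern adjusted to the width formats the column config actually accepts. A one-line comment such as `// Marked safe: columnWidth is validated above, never raw user input` would also make the intent explicit to the next reader. The enclosing `style` computed property starts before this hunk, so its dependent keys and where `columnWidth` is read from cannot be confirmed here.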