fix: Fixed CSP policy for commit page (#733)

JohnstonCode · web-flow · commit 6996ff07e9ff · 2019-11-11T08:52:33.000Z
diff --git a/src/messages.ts b/src/messages.ts
@@ -78,7 +78,7 @@ async function showCommitInput(message?: string, filePaths?: string[]) {
   Use a content security policy to only allow loading images from https or from our extension directory,
   and only allow scripts that have a specific nonce.
   -->
-  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src ${panel.webview.cspSource} https:; script-src ${panel.webview.cspSource}; style-src ${panel.webview.cspSource};">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src ${panel.webview.cspSource} https:; script-src ${panel.webview.cspSource} 'unsafe-inline'; style-src ${panel.webview.cspSource};">
 
   <title>Commit Message</title>
   <link rel="stylesheet" href="${styleUri}">
