From 6996ff07e9ffcfb13ad008d1313aab57544e3354 Mon Sep 17 00:00:00 2001
From: Christopher <me@chrisjohnston.co.uk>
Date: Mon, 11 Nov 2019 08:52:33 +0000
Subject: [PATCH] fix: Fixed CSP policy for commit page (#733)

---
 src/messages.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/messages.ts b/src/messages.ts
index d36796e6..c3332e10 100644
--- a/src/messages.ts
+++ b/src/messages.ts
@@ -78,7 +78,7 @@ async function showCommitInput(message?: string, filePaths?: string[]) {
   Use a content security policy to only allow loading images from https or from our extension directory,
   and only allow scripts that have a specific nonce.
   -->
-  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src ${panel.webview.cspSource} https:; script-src ${panel.webview.cspSource}; style-src ${panel.webview.cspSource};">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src ${panel.webview.cspSource} https:; script-src ${panel.webview.cspSource} 'unsafe-inline'; style-src ${panel.webview.cspSource};">
 
   <title>Commit Message</title>
   <link rel="stylesheet" href="${styleUri}">