jscolor.js includes inline styles in the generated HTML, which means the insecure 'unsafe-inline' source has to be used for the style-src Content-Security-Policy