Wrath and Glory stuck on load screen

The Wrath and Glory character sheet is stuck on the load screen when loading from the template.  It loads without an issue when using custom character sheet option from the templates section.  I am using the same code I submitted to GitHub. This occrs on IE, Chrome, FireFox. Thanks, Barry

(Moving to Character Sheets as this looks like a sheet issue rather than a Roll20 issue.  Can easily be moved back if not the case)

Hi GenKitty, This does not appear to be a problem with the character sheet.&nbsp; I am able to run the code I submitted in GitHub without any issues by dropping it into custom character sheet template. When I hit F12 I get the following error. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-+ih/0/YkDUzqhvp3db0c856+PFZD/OUhwb/X1n8oYgM='), or a nonce ('nonce-...') is required to enable inline execution. /editor/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active app.roll20.net/:17 GET <a href="https://app.roll20.net/editor/startjs/?timestamp=1533339312&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false" rel="nofollow">https://app.roll20.net/editor/startjs/?timestamp=1533339312&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false</a> 500 () loading.js?v=11:1 Uncaught ReferenceError: d20ext is not defined &nbsp; &nbsp; at loading.js?v=11:1 (anonymous) @ loading.js?v=11:1 app.js?1533140087:338 Uncaught TypeError: Cannot read property 'siteURL' of undefined &nbsp; &nbsp; at app.js?1533140087:338 &nbsp; &nbsp; at app.js?1533140087:371 If I read the error correctly it appears that it is a cross scripting error generated when the following line was added in packaging.&nbsp; I believe this is the cause because it is referenced in the error, it is a different site, and it does not have a SHA hash. &lt;link href =' <a href="https://fonts.googleapis.com/css?family=Patrick+Hand|Contrail+One|Shadows+Into+Light|Candal&amp;amp;subset=latin,latin-ext" rel="nofollow">https://fonts.googleapis.com/css?family=Patrick+Hand|Contrail+One|Shadows+Into+Light|Candal&amp;amp;subset=latin,latin-ext</a> ' rel =' stylesheet ' type =' text/css '&gt; Any help from roll20 would be helpful as my code works when run from a custom panel vs from the version packaged from Roll20.

Hi MrBS, Most of that console log is normal for Roll20. These lines are things that are normally seen: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-+ih/0/YkDUzqhvp3db0c856+PFZD/OUhwb/X1n8oYgM='), or a nonce ('nonce-...') is required to enable inline execution. /editor/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active app.roll20.net/:17 GET <a href="https://app.roll20.net/editor/startjs/?timestamp=1533339312&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false" rel="nofollow">https://app.roll20.net/editor/startjs/?timestamp=1533339312&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false</a> 500 () This is I believe where your issue is (or another symptom of your issue): loading.js?v=11:1 Uncaught ReferenceError: d20ext is not defined &nbsp; &nbsp; at loading.js?v=11:1 (anonymous) @ loading.js?v=11:1 app.js?1533140087:338 Uncaught TypeError: Cannot read property 'siteURL' of undefined &nbsp; &nbsp; at app.js?1533140087:338 &nbsp; &nbsp; at app.js?1533140087:371 So, here you've got an undefined variable in your sheet, "d20ext", and a typeError where you can't read the propery "siteURL" of some undefined thing. So, there's a couple possibilities that could be causing this. One that I've run into with a couple of mine is that if your sheet is over 13000ish lines of code, it doesn't import to being a live sheet from github correctly (works fine as a custom sheet). Neither of the two wrath and glory sheets I can see on the github repo are even a fraction of the way to that problem though. The second is obviously that you have some improperly defined variables/objects in your code; maybe from a typo or a weird copy/paste error from moving it to github. Can you post some screencaps of what the sheet looks like when it is stuck on the load screen (character sheets typically don't have a load screen). EDIT: Also, which of the wrath and glory sheets are you trying to access from the drop down?

loading.js?v=11:1 Uncaught ReferenceError: d20ext is not defined &nbsp; &nbsp; at loading.js?v=11:1 (anonymous) @ loading.js?v=11:1 app.js?1533140087:338 Uncaught TypeError: Cannot read property 'siteURL' of undefined &nbsp; &nbsp; at app.js?1533140087:338 &nbsp; &nbsp; at app.js?1533140087:371 Those error messages are actually common on loading issues apparently. "d20ext" is not a variable in any of Barry's files, it's part of roll20 js scripts. I tried using the sheet for the game I was preparing and i'm getting the same error :&nbsp; Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-WHP2dLCuA+iMkOpKeptcxx2Fxp1eGVYw7QlpTJDh2bs='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active app.roll20.net/:17 GET <a href="https://app.roll20.net/editor/startjs/?timestamp=1533471300&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false" rel="nofollow">https://app.roll20.net/editor/startjs/?timestamp=1533471300&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false</a> 500 () loading.js?v=11:1 Uncaught ReferenceError: d20ext is not defined at loading.js?v=11:1 (anonymous) @ loading.js?v=11:1 app.js?1533140087:338 Uncaught TypeError: Cannot read property 'siteURL' of undefined at app.js?1533140087:338 at app.js?1533140087:371 So I'd tend to join Barry in thinking it is a packaging issue on roll20's side.

d20ext is not in my code; it was introduced during the packaging.&nbsp; I dont label in that format but just to be certain I double checked. To be a bit more clear.&nbsp; The loading issue does not occur on the loading of the character sheet but when you launch the campaign with the Wrath and Glory character sheet template listed (only one listed at this time). This is what happens when the campaign is launched with the above template selected. When I do the above using the custom option in Character Sheet Template using the exact same code submitted, it launches properly and does not get stuck on loading. I did some minor tweaks -- some minor errors that I found in the css and html -- and resubmitted.&nbsp; Dont think any of these should make a difference as it all has to do with display of the sheet. Because the same code works on custom option vs the packaged option, I suspect something happened during the packaging stage. Thanks for the feedback!&nbsp; All greatly appreciated.

Devs have been pinged :)

Just tested the new package; it is now working and the campaign loads with the wrath &amp; glory template.&nbsp; This thread can be closed.