Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

All @import statements result in CSS security violation

  1. Community Forums
  2. Character Sheets & Compendium
  3. All @import statements result in CSS security violation
1693859475
Jānis A.
Permalink for 11608683 Quote
I tried importing a bunch of fonts and they all resulted in CSS security violation and me being unable to style roll template. I followed the rules as laid out in the wiki here: <a href="https://wiki.roll20.net/CSS_Wizardry#Google_Fonts" rel="nofollow">https://wiki.roll20.net/CSS_Wizardry#Google_Fonts</a> Even the example import statement results in a CSS security violation for me. @ import url ( '<a href="https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap" rel="nofollow">https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap</a>' ); After removing the @import statement the CSS security violation went away.
1693860358
vÍnce
Pro
Sheet Author
Permalink for 11608710 Quote
Does it prevent the sheet from loading or is it just a logged in the browser's console?
1693860416

Edited 1693860737
Jānis A.
Permalink for 11608711 Quote
vÍnce said: Does it prevent the sheet from loading or is it just a logged in the browser's console? It removes the styling from the roll template. If there's an import statement in the stylesheet none of my custom styling gets applied. All of it gets dropped. Alright, I found a workaround. I went directly to the URL in the import statement e.g. <a href="https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap" rel="nofollow">https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap</a> And copied the CSS. @font-face { font-family: 'Sigmar One'; font-style: normal; font-weight: 400; src: url(<a href="https://fonts.gstatic.com/s/sigmarone/v18/co3DmWZ8kjZuErj9Ta3do6Tppg.woff2" rel="nofollow">https://fonts.gstatic.com/s/sigmarone/v18/co3DmWZ8kjZuErj9Ta3do6Tppg.woff2</a>) format('woff2'); } It's probably a bad idea directly linking like that as the src might change. And I am not sure whether all browsers support woff2 like that. But it works?
1693860981
vÍnce
Pro
Sheet Author
Permalink for 11608726 Quote
Not sure; I just tested using @ import url ( '<a href="https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap" rel="nofollow">https://fonts.googleapis.com/css?family=Sigmar+One&amp;display=swap</a>' ); loaded with no errors in FF 117.0
1693861037

Edited 1693862361
vÍnce
Pro
Sheet Author
Permalink for 11608729 Quote
Are you adding it as the first line of your css?&nbsp; I think that is required on roll20 sheets I guess it needs to be at the top of the css by rule anyhow. <a href="https://developer.mozilla.org/en-US/docs/Web/CSS/@import" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/CSS/@import</a> Disregard. I think there was an issue with Legacy sheets breaking when @import was added.
1693867747
Scott C.
Forum Champion
Sheet Author
API Scripter
Compendium Curator
Permalink for 11608851 Quote
Yes, and roll templates operate under legacy regardless of what the sheet uses, but the other import statements are simply removed by the sanitizer.
You must Login to your Roll20 Account to post a reply.