When the sandbox directive is included in the content_security_policy, even when it includes allow-scripts, it breaks all functionality from the extensions. It seems allow-scripts is simply ignored.
Sandbox not working in CSP
See feedback assistant ticket: https://feedbackassistant.apple.com/feedback/9612454
Is it possible to add a sample extension that reproduces this to the feedback? I'm not exactly sure what the error you are seeing is.
A sample extension can be found here: https://static.jeurissen.co/9612454-apple-sandbox-issue.zip
In Chrome and Firefox, "loading..." changes to "loaded". Not in Safari due to this issue. The script simply doesn't load.
The manifest of said sample extension: