Viblast

We are trying to use the video player on a KaiOS phone and we are facing some issue due to the restriction that are imposed by this OS. In fact few rules related to the CSP restrictions, prevent the video player to be executed on the firefox browser installed in this device. In particular R4 and R5 listed below are not respected.  : 

• [R1] <script> content are not allowed in the HTML page (Javascript must be in separate file).
• [R2] Creating <script> elements dynamically is not allowed.
• [R3] Using the eval() function is not allowed.
• [R4] Using the Function() class to build a function from as character string is not allowed.
• [R5] Using setTimeout or setInterval function with a character string is not allowed.
• 
  

some details about the KaiOS restriction can be found here: 

Specific page about KaiOS :

https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/Firefox_OS_apps/Building_apps_for_Firefox_OS/Manifest#csp

This page says application manifest can have a CSP field, but

The default policies applied to Firefox OS privileged and internal/certified apps are as follows:

Privileged CSP

default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'

Certified/Internal CSP

default-src *; script-src 'self'; object-src 'none'; style-src 'self'

These defaults can’t be overridden,only added to, i.e.the CSP policy in the manifest can only make the actual CSP applied more restrictivein the case of privileged/internal apps.

Well, KaiOS is quite new your are right but it is growing quite fast. you can refer to this news for example 

https://react-etc.net/entry/kaios-2nd-most-popular-mobile-os-after-android-ios-drop

We will try to provide you the information you have requested. 

thanks