Datasette Apps: Host custom HTML applications inside Datasette
Simon Willison · Simon Willison · 2026-06-18
Simon Willison launches datasette-apps, a plugin that runs sandboxed HTML+JavaScript applications inside Datasette using iframe isolation and Content Security Policy headers, inspired by Claude Artifacts and built with extensive LLM assistance.
Extraction
Topics: datasette, sandboxing, content-security-policy, ai-assisted-programming, open-source-tools
Claims
- Datasette Apps run self-contained HTML+JavaScript in a sandboxed iframe that blocks cookie access, localStorage, and cross-origin HTTP requests via a CSP meta tag.
- The CSP meta tag injected into the iframe is immutable once set, preventing malicious JavaScript from removing or modifying the policy.
- Claude Fable 5 identified a real privilege-escalation vulnerability in which a low-privileged user could trick an admin into visiting a malicious app that exfiltrates private data.
- Write access to the database is mediated through Datasette's stored-query system, allowing apps to execute only pre-approved parameterized SQL statements.
- The plugin includes a copyable LLM prompt containing the database schema, enabling users to generate new apps by pasting into ChatGPT, Claude, or Gemini without Datasette-specific knowledge.
Key quotes
Imagine how much more useful Claude Artifacts could be if they had access to a persistent relational database. That's what I'm building with Datasette Apps!
Once set, the CSP policy is immutable for the content of that frame.
Claude Fable 5 I had it run a security evaluation of the product (an ability that would get it banned by the US government shortly afterwards) and it found a very real problem.