Source: Datasette Apps · Simon Willison · June 18, 2026
The new datasette-apps plugin hosts self-contained HTML+JavaScript apps inside Datasette—read-only SQL by default, writes via allow-listed stored queries—on authenticated instances with private data.

Why
Datasette has long been a backend for custom HTML via its JSON API. Willison combines that pattern with Claude Artifacts-style sandboxes: what if artifacts had a persistent relational database?
Key patterns
An iframe sandbox plus an immutable CSP blocks cookies, localStorage, and outbound HTTP. The MessageChannel (upgraded from postMessage) closes on navigation. Visible query and error logs aid debugging. Stored queries gate writes safely. Copy-paste LLM prompts that include the schema help models generate apps.
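The read-only-by-default, writes-through-stored-queries gate described above, as an added example that is not code from datasette-apps or from the original post. It uses plain sqlite3 rather than Datasette's API; STORED_QUERIES, handle_app_request, make_demo_db and the notes table are hypothetical names chosen for illustration.

```python
import os
import sqlite3
import tempfile

# Hypothetical allow-list: the only write statements an app may trigger, by name.
STORED_QUERIES = {
    "add_note": "INSERT INTO notes (body) VALUES (:body)",
}


def make_demo_db():
    """Create a constructed sample database in a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    with sqlite3.connect(path) as conn:
        conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        conn.execute("INSERT INTO notes (body) VALUES ('first')")
    return path


def handle_app_request(db_path, request):
    """Serve one request from a sandboxed app.

    {"sql": ..., "params": ...}           -> arbitrary SQL, read-only connection
    {"stored_query": name, "params": ...} -> allow-listed statement, writable
    """
    params = request.get("params", {})
    if "stored_query" in request:
        sql = STORED_QUERIES.get(request["stored_query"])
        if sql is None:
            return {"ok": False, "error": "unknown stored query"}
        conn = sqlite3.connect(db_path)
    else:
        sql = request["sql"]
        # mode=ro makes SQLite itself refuse writes, whatever the SQL says.
        conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        with conn:  # commits on success, rolls back on error
            rows = conn.execute(sql, params).fetchall()
        return {"ok": True, "rows": rows}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}
    finally:
        conn.close()
```

The app only ever supplies a query name and bound parameters for writes, so the SQL text that can modify data is fixed on the server side.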
Security fix
Claude Fable 5 found a CSP allow-list exfiltration path that relied on tricking an admin; it was fixed with the apps-set-csp permission and site-level allowed_csp_origins.
Takeaway
Structured data + sandboxed UI—not RAG—for data journalism and internal tools. Try the demo at agent.datasette.io.
