Simon Willison announced the launch of datasette-apps on June 18, 2026, a new plugin that allows users to host self-contained HTML and JavaScript applications directly within Datasette. These applications run inside a tightly constrained iframe, which utilizes a sandbox with "allow-scripts" and "allow-forms" attributes. To prevent malicious code from exfiltrating data, each application is protected by an immutable Content Security Policy (CSP) header that restricts unauthorized HTTP requests to outside domains.

The plugin builds on the concept of sandboxed interfaces to enable secure custom UIs for relational databases. Developers can build applications that run read-only SQL queries or execute specific, user-configured write operations via Datasette's stored queries feature. The system uses MessageChannel() transport for secure communication between the iframe and the parent application, ensuring that commands are only executed through an allow-listed set of operations. This architecture ensures that even if an app is compromised, it cannot access sensitive information like cookies or local storage from the main Datasette instance.

The development of this tool was supported by various AI-assisted coding practices. During the security evaluation phase, an AI model identified a vulnerability where a less-privileged user could potentially exfiltrate private data by tricking an administrator into accessing an app that queries the database. This was addressed by restricting the ability to allow-list CSP domains to authorized staff members, while site administrators maintain control over global CSP origins. The plugin also includes a built-in mechanism to capture and display logs for queries and errors to assist developers in debugging their custom interfaces.

Designed to be compatible with modern AI assistants, the plugin generates copyable prompts containing database schemas, enabling LLMs to write the necessary HTML, CSS, and JavaScript for new applications. This integration allows users to rapidly iterate on custom data visualizations or search tools, furthering Datasette's goal of enabling users to extract insights from data. Users can currently test the feature on the agent.datasette.io demo instance by signing in with GitHub.

Simon Willison announced the launch of datasette-apps on June 18, 2026, a new plugin that allows users to host self-contained HTML and JavaScript applications directly within Datasette. These applications run inside a tightly constrained iframe, which utilizes a sandbox with "allow-scripts" and "allow-forms" attributes. To prevent malicious code from exfiltrating data, each application is protected by an immutable Content Security Policy (CSP) header that restricts unauthorized HTTP requests to outside domains.

The plugin builds on the concept of sandboxed interfaces to enable secure custom UIs for relational databases. Developers can build applications that run read-only SQL queries or execute specific, user-configured write operations via Datasette's stored queries feature. The system uses MessageChannel() transport for secure communication between the iframe and the parent application, ensuring that commands are only executed through an allow-listed set of operations. This architecture ensures that even if an app is compromised, it cannot access sensitive information like cookies or local storage from the main Datasette instance.

The development of this tool was supported by various AI-assisted coding practices. During the security evaluation phase, an AI model identified a vulnerability where a less-privileged user could potentially exfiltrate private data by tricking an administrator into accessing an app that queries the database. This was addressed by restricting the ability to allow-list CSP domains to authorized staff members, while site administrators maintain control over global CSP origins. The plugin also includes a built-in mechanism to capture and display logs for queries and errors to assist developers in debugging their custom interfaces.

Designed to be compatible with modern AI assistants, the plugin generates copyable prompts containing database schemas, enabling LLMs to write the necessary HTML, CSS, and JavaScript for new applications. This integration allows users to rapidly iterate on custom data visualizations or search tools, furthering Datasette's goal of enabling users to extract insights from data. Users can currently test the feature on the agent.datasette.io demo instance by signing in with GitHub.