Datasette Apps lets you host sandboxed HTML apps inside Datasette
TL;DR
- Datasette Apps runs custom HTML and JavaScript apps in a sandboxed iframe inside Datasette, blocking cookie access and external HTTP requests.
- The plugin began as Willison's attempt to build a Claude Artifacts-style mechanism for Datasette Agent, then expanded beyond that use case.
- App creation generates a copyable prompt with selected database schemas so language models can write new apps from plain-language descriptions.
Simon Willison's new Datasette Apps plugin lets you host self-contained HTML and JavaScript applications directly inside a Datasette instance. The idea started, as Willison explains, as "my attempt at building a Claude Artifacts mechanism for Datasette Agent," but he quickly found the sandboxed pattern useful well beyond the chat interface context.
The security architecture is layered. Apps run inside an iframe whose sandbox attribute is `allow-scripts allow-forms`. Because `allow-same-origin` is not granted, the app runs in an opaque origin, which blocks access to cookies and localStorage. An injected Content Security Policy header prevents the app from making HTTP requests to external hosts. According to Willison, the sandbox and CSP configuration went through multiple AI-assisted prototypes and tests.
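A check for the two properties described above, as an added example that is not code from Datasette Apps or the original article: it audits a sandbox attribute and a CSP string, and also flags `form-action`, which does not inherit from `default-src` and matters once `allow-forms` is granted. The policy strings and the `auditApp` helper are constructed for illustration; the plugin's real CSP is not shown in this article.

```javascript
// Added example, not Datasette Apps code. Sample policies are constructed.
const FETCH_DIRECTIVES = ["connect-src", "img-src", "script-src", "style-src",
  "font-src", "media-src", "frame-src"];
const LOCAL_KEYWORDS = ["'none'", "'self'", "'unsafe-inline'", "'unsafe-eval'",
  "data:", "blob:"];

// Split a CSP string into directive -> source list. First occurrence wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// True when a source expression cannot name another host.
function isLocalSource(src) {
  return LOCAL_KEYWORDS.includes(src.toLowerCase()) ||
    /^'(nonce|sha(256|384|512))-/.test(src);
}

// Return a list of findings; an empty list means the isolation holds.
function auditApp(sandboxAttr, cspPolicy) {
  const findings = [];
  const tokens = new Set(sandboxAttr.toLowerCase().split(/\s+/).filter(Boolean));
  // allow-same-origin would give the app the embedding origin back, and with
  // it cookies and localStorage.
  if (tokens.has("allow-same-origin")) findings.push("sandbox: allow-same-origin present");
  const csp = parseCsp(cspPolicy);
  const check = (name, sources) => {
    if (!sources) return findings.push(`csp: ${name} unrestricted`);
    const external = sources.filter((s) => !isLocalSource(s));
    if (external.length) findings.push(`csp: ${name} allows ${external.join(" ")}`);
  };
  for (const d of FETCH_DIRECTIVES) check(d, csp.get(d) ?? csp.get("default-src"));
  // form-action never falls back to default-src, so check it on its own
  // whenever the sandbox permits form submission.
  if (tokens.has("allow-forms")) check("form-action", csp.get("form-action"));
  return findings;
}

const SANDBOX = "allow-scripts allow-forms"; // value quoted in the article
const STRICT_CSP = "default-src 'none'; script-src 'unsafe-inline'; " +
  "style-src 'unsafe-inline'; connect-src 'self'; form-action 'none'";
const LOOSE_CSP = "default-src 'none'; script-src https://cdn.example; img-src *";
console.log(auditApp(SANDBOX, STRICT_CSP), auditApp(SANDBOX, LOOSE_CSP));
```

The audit treats `'self'` as the Datasette host itself, which is an assumption about how the app is served.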
Write operations are supported through Datasette's stored queries feature: you create a parameterized insert or update query, then allow-list that specific query for an app to use. It is a controlled surface, not raw SQL execution, but apps can modify data if the instance is configured that way.
The AI tooling angle is direct. The app creation form generates a copyable prompt that includes the schema of any selected databases, giving a language model everything it needs to write a new app from a plain-language description. Paired with Datasette Agent, that workflow becomes conversational.
The pattern has personal history: one of Willison's earliest Datasette projects was an internal search engine for documentation at Eventbrite, built by importing documents into SQLite on a schedule and serving them through a custom HTML and JavaScript interface. Datasette Apps generalizes that pattern into a plugin architecture with AI-assisted generation to reduce the cost of building such tools. What the article does not address is how apps would be packaged for sharing across instances, or how user identity crosses the iframe boundary when write permissions need to be enforced.
Originally reported by simonwillison.net
Original headline: Datasette Apps: Host custom HTML applications inside Datasette