Datasette Apps plugin lets users host custom HTML+JavaScript apps inside Datasette
The new datasette-apps plugin enables self-contained, sandboxed applications that can run read-only SQL queries and, where configured, write queries against Datasette data, with a strict CSP and iframe sandboxing for security.
- Datasette Apps are self-contained HTML+JavaScript applications running in a sandboxed iframe on a Datasette instance, capable of read-only SQL queries and configured write queries via stored queries.
- The plugin uses a strict CSP header and iframe sandboxing to prevent malicious apps from exfiltrating private data.
- Developers can build apps locally or generate them via LLM prompts, with examples like a timeline viewer and a recent headlines app.
- Write operations are supported via Datasette’s stored queries feature, which must be explicitly allow-listed for each app.
Simon Willison released a new plugin, datasette-apps, that lets users host custom HTML+JavaScript applications inside a Datasette instance. These applications run in a tightly constrained iframe sandbox with a strict Content Security Policy (CSP) header, preventing access to cookies, localStorage, and external HTTP requests unless explicitly allow-listed.
The apps can execute read-only SQL queries against Datasette data and, when configured, run write queries via Datasette’s stored queries feature. This allows building interactive tools like a timeline viewer or a headlines app that directly query and update data.
Security is enforced through a combination of iframe sandbox attributes and an injected CSP header that locks down network access. Errors and SQL queries are logged visibly to aid development, and write operations are gated by stored queries that must be explicitly allow-listed for each app.
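The sketch below is an added example, not the plugin's own code: it builds a default-deny CSP from a host allow-list and audits a sandbox attribute and CSP header for settings that would reopen an exfiltration path. The directive set, the host validation rule and all function names are assumptions, since the page does not give the plugin's actual policy.

```python
import re
# Assumption: allow-listed hosts are plain DNS names; wildcards, schemes, ports and paths are rejected.
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
FETCH_DIRECTIVES = ("connect-src", "img-src", "media-src", "font-src", "frame-src")

def build_csp(allowed_hosts=()):
    """Default-deny CSP: outbound requests are possible only to allow-listed HTTPS hosts."""
    hosts = []
    for host in allowed_hosts:
        host = host.strip().lower()
        if not HOST_RE.match(host):
            raise ValueError(f"rejected CSP host: {host!r}")
        hosts.append(f"https://{host}")
    net = " ".join(hosts) or "'none'"
    return "; ".join([
        "default-src 'none'",
        "script-src 'unsafe-inline'",  # the app's own inline code; no remote scripts
        "style-src 'unsafe-inline'",
        f"connect-src {net}",
        f"img-src data: {net}" if hosts else "img-src data:",
        "form-action 'none'",
        "base-uri 'none'",
    ])

def parse_csp(header):
    """Parse a CSP header into {directive: [source, ...]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(sandbox_attr, csp_header):
    """Return findings for settings that reopen a data-exfiltration path."""
    findings = []
    tokens = set(sandbox_attr.lower().split())
    if "allow-same-origin" in tokens:
        findings.append("sandbox: allow-same-origin exposes cookies and localStorage")
    if tokens & {"allow-top-navigation", "allow-popups", "allow-forms"}:
        findings.append("sandbox: navigation, popups or forms can carry data off-site")
    policy = parse_csp(csp_header)
    if policy.get("default-src") != ["'none'"]:
        findings.append("csp: default-src is not 'none'")
    for name in FETCH_DIRECTIVES:
        for src in policy.get(name, []):
            if "*" in src or src in ("https:", "http:"):
                findings.append(f"csp: {name} allows broad source {src}")
    return findings
```

Running `audit` in a test suite against the header and sandbox attribute an instance actually serves catches a later configuration change that quietly widens the policy.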
The plugin also supports generating apps via LLM prompts. A copyable prompt is provided in the create-app interface, enabling models like ChatGPT, Claude, or Gemini to generate or revise app code. Users with Datasette Agent installed can create or edit apps through an AI assistant interface.
Willison built the plugin with extensive AI assistance, including planning with Codex Desktop and GPT-5.5, and a security evaluation by Claude Fable 5 that identified and helped remediate a potential data exfiltration vector. The design emphasizes defense-in-depth, with restricted permissions for CSP host allow-listing and a new apps-set-csp permission for trusted staff.