Datasette Apps plugin lets you host sandboxed HTML apps inside Datasette
A new `datasette-apps` plugin lets developers host self-contained HTML+JavaScript applications inside Datasette, with sandboxed iframes that can run read-only (and optionally write) SQL queries against Datasette data while being locked down from accessing cookies, localStorage, or external hosts.
Score breakdown
The sandboxed iframe pattern gives Datasette a safe, extensible surface for running untrusted HTML+JavaScript apps with direct access to a persistent relational database, without risking exposure of private data held in an authenticated Datasette instance.
- 01A new plugin, `datasette-apps`, was launched for the Datasette project on June 18, 2026.
- 02Apps are self-contained HTML+JavaScript applications running in sandboxed iframes inside Datasette.
- 03The `sandbox=` iframe attribute prevents apps from accessing the parent DOM, cookies, or localStorage.
The Datasette project released `datasette-apps`, a plugin that enables self-contained HTML+JavaScript applications to be hosted directly inside a Datasette instance. These apps run inside sandboxed iframes using the `sandbox=` attribute, which prevents them from reading the parent DOM, accessing cookies, or stealing secrets from localStorage. An injected CSP header further locks down the apps by blocking outbound HTTP requests to external hosts, making it impossible for a malicious or buggy app to exfiltrate private data from an authenticated Datasette instance.
To allow useful functionality within that locked-down environment, the plugin implements a controlled communication protocol using `postMessage()` and `MessageChannel()`.
To allow useful functionality within that locked-down environment, the plugin implements a controlled communication protocol using `postMessage()` and `MessageChannel()`. This lets an iframe request that the parent window execute a SQL query, with the parent verifying the query targets an allow-listed database before running it. The article notes that GPT-5.5 suggested porting from a pure `postMessage()` approach to a `MessageChannel()`-based transport as a defense-in-depth measure. Apps can run read-only SQL queries by default, and write queries are also supported if configured via stored queries. The feature grew out of an effort to build a Claude Artifacts-style mechanism for Datasette Agent, and also draws on the author's long-running collection of vibe-coded HTML tools. A demo instance is available at `agent.datasette.io`.
Key facts
- 01A new plugin, `datasette-apps`, was launched for the Datasette project on June 18, 2026.
- 02Apps are self-contained HTML+JavaScript applications running in sandboxed iframes inside Datasette.
- 03The `sandbox=` iframe attribute prevents apps from accessing the parent DOM, cookies, or localStorage.
- 04An injected CSP header blocks apps from making HTTP requests to external hosts, preventing data exfiltration.
- 05Apps communicate with the parent window via a `postMessage()`/`MessageChannel()` protocol to run SQL queries against allow-listed databases.
- 06Apps support read-only SQL queries by default; write queries are available if configured with stored queries.
- 07The feature originated as an attempt to build a Claude Artifacts-style mechanism for Datasette Agent before being promoted to a top-level concept.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 19, 2026 · 10:25 UTC. How this works →