source: Simon Willison: Datasette Apps: host custom HTML applications inside Datasette
level: technical
Datasette Apps is a new plugin that runs self-contained HTML and JavaScript applications in a tightly sandboxed iframe. The apps can execute read-only SQL queries against Datasette databases and, with stored queries, perform write operations. The sandbox uses iframe attributes and a Content Security Policy to block network requests to outside hosts, preventing data exfiltration. This design allows untrusted code to run safely on authenticated Datasette instances that may contain private data.
The plugin uses MessageChannel for communication between the iframe and the parent, which automatically closes if the page navigates away, adding defense in depth. Visible logs capture SQL queries and errors, helping developers debug apps. For write operations, users can create stored queries and allow-list them for specific apps, enabling safe insert or update actions. The system also supports building apps by copying a prompt that includes database schemas, which can be pasted into an LLM to generate code.
Datasette Apps evolved from an earlier plugin for Datasette Agent and was built with extensive AI assistance, including security reviews. A discovered vulnerability where a malicious app could steal data by tricking an admin was fixed by restricting CSP host allow-listing to a new permission. The project extends Datasette beyond read-only data exploration into a platform for building custom interfaces and visualizations, aiming to support full read-write applications safely.
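The parent-side controls described above (a CSP that admits outside hosts only under a dedicated permission, a per-app allow-list of stored queries, and a visible log) can be sketched as follows. This is an added example, not code from the plugin or from the original post; the app record, the message shapes, `db.readOnly`, `db.runStored` and the choice of `script-src` for allow-listed hosts are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not the plugin's API.
// Constructed app record: stored queries it may run, extra CSP hosts requested.
const app = {
  name: "todo-board",
  allowedStoredQueries: new Set(["add_todo"]),
  extraCspHosts: ["https://cdn.example.com"],
};

// CSP for the iframe document. Outside hosts are included only when the
// actor holds the dedicated permission (assumed here to widen script-src).
function buildCsp(app, actorMayAllowHosts) {
  const hosts = actorMayAllowHosts ? app.extraCspHosts : [];
  return [
    "default-src 'none'", // blocks fetch, images, fonts, frames by default
    ["script-src", "'unsafe-inline'", ...hosts].join(" "),
    "style-src 'unsafe-inline'",
  ].join("; ");
}

// Parent-side policy for one message from the app. db.readOnly and
// db.runStored are assumed callbacks supplied by the host page.
function handleRequest(app, msg, db, log) {
  if (msg.type === "sql") {
    log.push({ app: app.name, sql: msg.sql });
    return { ok: true, rows: db.readOnly(msg.sql, msg.params) };
  }
  if (msg.type === "stored_query") {
    if (!app.allowedStoredQueries.has(msg.name)) {
      log.push({ app: app.name, error: "stored query not allow-listed: " + msg.name });
      return { ok: false, error: "stored query not allowed for this app" };
    }
    log.push({ app: app.name, storedQuery: msg.name });
    return { ok: true, rows: db.runStored(msg.name, msg.params) };
  }
  log.push({ app: app.name, error: "unknown request type" });
  return { ok: false, error: "unknown request type" };
}

// Browser wiring: the parent keeps port1 and transfers port2 to the iframe.
// Assumes the iframe has sandbox="allow-scripts" without allow-same-origin,
// so its origin is opaque and "*" is the only usable targetOrigin.
function connect(iframe, app, db, log) {
  const { port1, port2 } = new MessageChannel();
  port1.onmessage = (e) =>
    port1.postMessage({ id: e.data.id, ...handleRequest(app, e.data, db, log) });
  iframe.contentWindow.postMessage({ type: "init" }, "*", [port2]);
}
```

The `db.readOnly` callback is expected to run against a connection that cannot write, so enforcement does not depend on inspecting the SQL text.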
why it matters: It provides a secure way to build interactive data applications on top of Datasette, enabling custom visualizations and write operations without compromising private data.