Datasette, an open-source tool for exploring data in SQLite and PostgreSQL, just shipped Datasette Apps. Developers can now build custom HTML and JavaScript interfaces inside Datasette instances with direct SQL query access. The innovation is the sandboxing: apps run in isolated iframes with strict Content Security Policy headers that prevent data theft, even if the code is buggy or malicious—the sandbox even blocks access to cookies and localStorage. The pattern started from Simon Willison's work on Claude Artifacts and similar tools. He realized that pairing an untrusted frontend with a secure backend database is surprisingly powerful. You can test it on the agent.datasette.io demo.

Listen to this story

Hear this and more stories in a personalized audio briefing.

Open The Chonkerton