June 18, 2026
Small app, big comment drama
Datasette Apps: Host custom HTML applications inside Datasette
New Datasette add-on lets people build mini apps—and the comments got spicy
TLDR: Datasette launched a new way to host tiny custom web apps next to your data, aiming to make DIY tools easier and safer. Commenters were split between “this is slick” and “this could go wrong fast,” with bonus drama over the naming and a flurry of people plugging similar projects.
A new add-on for Datasette just dropped, and on paper it’s a neat idea: people can build little self-contained web apps that live inside a Datasette page, so the app and the data stay together in one place. The creator is pitching it as a safer, cleaner way to make custom tools around stored data, with tight browser restrictions meant to stop those apps from snooping, stealing logins, or leaking private info. In plain English: it’s a way to make tiny custom dashboards and tools without flinging your data all over the internet.
But the real entertainment was in the comment section, where the crowd instantly split into familiar internet tribes. One camp was impressed that modern browsers can now do the heavy lifting here—basically, “wow, the web finally grew up.” Another camp hit the brakes hard: yes, it’s clever, but one tiny mistake in the safety setup could turn “cute mini app” into “whoops, private data leak.” That low-key paranoia gave the thread its tension.
Then came the classic community side quest: naming drama. One commenter basically opened with, why are we overloading the word “Datasette” again? A tiny complaint, but exactly the kind of petty-yet-relatable gripe that comment sections live for. And in peak builder-community fashion, several people jumped in with “funny you mention that, I’m making something weirdly similar,” turning the launch into a mini parade of rival projects, half-finished experiments, and humblebrags. So yes, new feature announced—but the comments turned it into a mix of applause, suspicion, and open-source show-and-tell.
Key Points
- •Datasette launched a new plugin called datasette-apps for hosting custom HTML and JavaScript applications inside Datasette.
- •Datasette Apps run in sandboxed iframes and can execute read-only SQL queries, with write access possible through configured stored queries.
- •The security model combines iframe sandbox restrictions with an injected Content Security Policy to block access to cookies, localStorage, the parent DOM, and external network requests.
- •The feature originated as an experiment to build a Claude Artifacts-like mechanism for Datasette Agent before becoming a broader Datasette ecosystem concept.
- •The article links the new plugin to earlier Datasette-based custom app patterns, including an Eventbrite documentation search tool built with SQLite and a custom HTML interface.