Skip to main content
← Tech Stackups News
On Hacker News

Datasette Apps: Host custom HTML applications inside Datasette

simonwillison.netsubmitted by lumpaJune 19, 2026
Read the full article on simonwillison.net
77
points
26
comments
1
notable voices

The 5-second version

  • Datasette Apps are self-contained HTML+JavaScript applications that run in a sandboxed iframe with restricted access to prevent data exfiltration.
  • Apps can execute read-only SQL queries against Datasette databases, and write queries if configured with stored queries.
  • The security model combines iframe sandbox attributes with an immutable Content-Security-Policy meta header to lock down untrusted code.
  • Communication between the sandboxed app and parent Datasette instance uses MessageChannel() for defense-in-depth against potential exploits.
  • Visible query and error logging helps developers debug apps, with potential for interactive CSP allow-list building based on detected failures.

Top voices

Verbatim comments from the thread's most notable / highest-karma participants.

simonwnotable109.3k karma4 comments
I learned to program on a C64 and one of the first programs I wrote myself was an incredible basic "database" (really just a program that could store and then return simple fielded data.) I named my database management software Datasette as an homage to the C64. I also figured it would be a unique name that would be easy to search for... ... jokes on me, it turns out the retro computing C64 community is way more active than I expected and there are still plenty of people taking about Datasette…
Read on HN ↗
tadfisher6.8k karma
I think the current meaning has quite successfully replaced the original usage. Unless you typed this on a Commodore VIC-20, I suppose.
Read on HN ↗
vermilingua5k karma
My favourite Datassette is the electronic artist. https://datassette.bandcamp.com/ https://musicforprogramming.net/
Read on HN ↗
euroderf3.9k karma
I never understood why someone hasn't made a framework that makes it stupidly easy to fill an HTML page with SQLite database tables, with all the usual display controls, and with as much "liveness" as desired, and with a protocol (over HTTPS) to manage comms to a server-side instance. SQLite is robust, lightweight, bulletproof - a WASM build belongs on ALL the webpages !
Read on HN ↗
Read the full article →Join the discussion on Hacker News →