Week 20 Summary

Simon Willison — Week of 2026-05-08 to 2026-05-15#

Highlight of the Week#

The standout development this week is Simon’s rapid adaptation to the latest frontier model capabilities, most notably releasing llm 0.32a2 to expose and visualize the new interleaved reasoning tokens of GPT-5 class models directly in the terminal. This perfectly pairs with his hands-on explorations of embedding LLM calls deeply into developer workflows, such as executing prompts via script shebangs and leveraging models to output rich HTML rather than just Markdown.

Week 25 Summary

Simon Willison — Week of 2026-06-12 to 2026-06-18#

Highlight of the Week#

The most impactful release this week is the launch of datasette-apps, a major new plugin that allows developers to run self-contained, sandboxed HTML and JavaScript applications directly against a persistent Datasette backend. It brilliantly merges Simon’s ongoing experiments with AI-generated “vibe-coded” single-file tools and robust security architectures, pushing Datasette from a read-only publishing platform into a comprehensive ecosystem for building interfaces over data.

Week 26 Summary

Simon Willison — Week of 2026-06-18 to 2026-06-25#

Highlight of the Week#

This week’s absolute standout is the launch of the datasette-apps plugin, which fundamentally transforms how we build micro-applications over local databases. By utilizing tightly constrained iframe sandboxes and Content-Security-Policy headers, developers and LLMs alike can safely run custom HTML/JS interfaces against a persistent Datasette backend. It brilliantly merges Simon’s ongoing experiments with AI-assisted “vibe coding” and robust security architectures into a core ecosystem feature, effectively bridging the gap between Claude Artifacts and secure data environments.

2026-05-13

Simon Willison — 2026-05-13#

Highlight#

Simon’s standout experiment today demonstrates a clever UX workaround for sandboxed iframes, intercepting Content Security Policy (CSP) errors and passing them to the parent window for user approval. It is a great example of his hands-on AI-assisted programming, notably built using GPT-5.5 xhigh in the Codex desktop app.

Posts#

[CSP Allow-list Experiment] · Source This technical experiment explores how to load an app within a CSP-protected sandboxed iframe while maintaining a smooth user experience. Simon implemented a custom fetch() that catches CSP errors and passes them up to the parent window. The parent window can then prompt the user to add the blocked domain to an allow-list before refreshing the page. He built the tool using GPT-5.5 xhigh via the Codex desktop app.

2026-06-18

Simon Willison — 2026-06-18#

Highlight#

Simon has launched datasette-apps, a major new concept allowing developers and LLMs to build self-contained, sandboxed HTML+JS applications that run directly against a persistent Datasette backend. It brilliantly merges his ongoing experiments with “vibe-coded” single-file HTML tools, Claude Artifacts, and secure iframe sandboxing into a core feature of the Datasette ecosystem.

Posts#

Datasette Apps: Host custom HTML applications inside Datasette This post dives deep into the “why” and “how” behind the newly released datasette-apps plugin. The plugin allows tightly constrained iframe sandboxes to run JavaScript that executes read-only SQL queries or allow-listed stored write queries against a Datasette instance. Simon outlines the clever security architecture required to run untrusted code safely on an authenticated domain containing private data, relying on an <iframe sandbox="allow-scripts"> tag combined with an immutable, injected Content-Security-Policy (CSP) header. He also details porting his API communication from postMessage() to MessageChannel(), a defense-in-depth upgrade suggested by GPT-5.5. The plugin seamlessly integrates AI workflows by providing a copyable prompt—complete with database schemas—that users can drop into ChatGPT or Claude to instantly generate a working app. Additionally, Simon shares a fascinating security anecdote: before access was restricted, he used Claude Fable 5 to evaluate the product, and the model discovered a severe data exfiltration vulnerability related to CSP allow-listing, which he promptly patched by locking down domain-allow permissions to trusted staff.