Sources
Simon Willison Researches CSP Iframe Sandboxing for Building Claude Artifacts Alternative
Simon Willison published practical research on whether JavaScript can escape a Content Security Policy meta tag inside a sandboxed iframe, motivated by building his own version of Claude Artifacts. The investigation explores the security boundaries of user-generated code execution in the browser — directly relevant to anyone building AI coding tools with preview capabilities. A useful reference for the growing wave of 'artifact-style' AI UIs.
↳ Follow the thread