LLM Engineering
Prompt an LLM to emit a complete, self-contained HTML app and run it safely in a sandboxed iframe. Covers the output contract (one file, pinned CDN versions, module scripts), the sandbox and CSP for untrusted output, size caps, and the blank-frame failure modes.
4 files
Description
Prompt an LLM to emit a complete, self-contained HTML app and run it safely in a sandboxed iframe. Covers the output contract (one file, pinned CDN versions, module scripts), the sandbox and CSP for untrusted output, size caps, and the blank-frame failure modes.
A single-file app is a complete program - markup, styles, and scripts - in one
.html string you can write to an iframe and run with no build step. It is the
right unit whenever a model generates something a user should see run
immediately: an artifact, a live preview, a generated tool, a playground. The
skill is getting the model to emit output that actually runs, and running that
untrusted output without handing it your origin.
Tell the model exactly what to emit. Vague prompts produce multi-file projects,
bare npm install instructions, or React with no runtime. Require:
<!DOCTYPE html> document with all CSS
in a <style> and all JS in <script> tags. No external file references you
do not control, no build step, no bundler, no npm install.https://esm.sh/react@19.0.0, not @latest and not a bare
react. Unpinned URLs are the top cause of an app that renders today and 500s
next week when the CDN moves. Prefer an import map for readability. See
reference/output-contract.md.import must be in
<script type="module">; browsers reject bare import in a classic script.
Declare bare specifiers in an <script type="importmap"> before the module.
See reference/output-contract.md.postMessage handshake.console.error, so a broken app is diagnosable from the frame, not just the
console.Generated code is untrusted. Render it in a sandboxed iframe that CANNOT reach your origin:
sandbox="allow-scripts" and DO NOT add allow-same-origin. The two
together let the framed script remove its own sandbox attribute and escape -
no safer than no sandbox at all. Without allow-same-origin the frame is an
opaque origin: no cookies, no localStorage, no reading the parent.srcdoc (or a blob:/data URL), never by writing it to
a same-origin route.Content-Security-Policy (a <meta http-equiv> inside the document, or
the CSP sandbox directive) as defense in depth on top of the attribute.postMessage only, and you validate every
message.See reference/sandbox-and-safety.md for the exact iframe wiring and CSP.
reference/failure-modes.md.allow-scripts yes, allow-same-origin no. Non-negotiable for untrusted output.reference/output-contract.md - the exact document skeleton, import maps vs script tags, pinning, the prompt template.reference/sandbox-and-safety.md - the iframe wiring, sandbox tokens, CSP, and the postMessage handshake.reference/failure-modes.md - blank-frame causes, size caps, and a triage checklist.Added 2026-07-01. Back to the Skill Library.

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.