Submitted by Lukas Masuch


Execute untrusted Streamlit code in a sandboxed environment.



This function allows you to execute untrusted Streamlit code inside the user's web browser by using stlite ( instead of the App server. This is useful for apps that generate and execute Streamlit (or Python) code at runtime based on some user instructions. Doing this inside the main Streamlit app would be unsafe since the user could execute arbitrary code on the server.

There are a few limitations to this approach: * stlite does not support the full set of Streamlit features. See the stlite documentation for more details on limitations: * Since the code is executed inside the user's browser, it cannot access any files, session state, or other functionalities of the server. * The available compute resource depend on the user's machine. So, this is not suited for heavy computations.


Name Type Description Default
code str | Callable[[], None]

The code to execute. This can either be a string containing the code or a function. If a function is passed, the source code will be extracted automatically. The function is required to be fully self-contained and not reference any variables outside of its scope.

stlite_version str | None

The version of stlite to use. If None, the latest version will be used.. Defaults to None.

requirements List[str] | None

A list of Python packages to install before executing the code. If None, the following packages will be installed: pandas, numpy, plotly, altair.

height int

The height of the embedded app in pixels. Defaults to 700.

scrolling bool

Whether to allow scrolling inside the embedded app. Defaults to False.

Source code in src/streamlit_extras/sandbox/
def sandbox(
    code: str | Callable[[], None],
    stlite_version: str | None = None,
    requirements: List[str] | None = None,
    height: int = 700,
    scrolling: bool = False,
) -> None:
    stlite_css_url = (
    stlite_js_url = (

    if stlite_version is not None:
        stlite_css_url = f"{stlite_version}/build/stlite.css"
        stlite_js_url = f"{stlite_version}/build/stlite.js"

    if inspect.isfunction(code):
        function_name = code.__name__
        code = textwrap.dedent(inspect.getsource(code))
        code += f"\n\n{function_name}()"

    if not requirements:
        requirements = [
<!DOCTYPE html>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
      content="width=device-width, initial-scale=1, shrink-to-fit=no"
    <title>Embedded Streamlit App</title>
    <div id="root"></div>
    <script src="{stlite_js_url}"></script>
      if ( !== "?embed=true{"&embed_options=disable_scrolling" if scrolling is False else ""}") {{ = "?embed=true{"&embed_options=disable_scrolling" if scrolling is False else ""}";
    requirements: ["{'","'.join(requirements)}"], // Packages to install
    entrypoint: "",
    files: {{
      "": `
import streamlit as st

st.markdown('<style>[data-baseweb~="modal"]{{visibility: hidden;}}</style>', unsafe_allow_html=True,)



from streamlit_extras.sandbox import sandbox # (1)!
  1. You should add this to the top of your .py file 🛠



def example():
    def embedded_app():
        import numpy as np
        import pandas as pd
        import as px
        import streamlit as st

        def get_data():
            dates = pd.date_range(start="01-01-2020", end="01-01-2023")
            data = np.random.randn(len(dates), 1).cumsum(axis=0)
            return pd.DataFrame(data, index=dates, columns=["Value"])

        data = get_data()

        value = st.slider(
            "Select a range of values",
            (int(data.min()), int(data.max())),
        filtered_data = data[(data["Value"] >= value[0]) & (data["Value"] <= value[1])]
        st.plotly_chart(px.line(filtered_data, y="Value"))

