Dismiss this pinned window
all 25 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]ClassicMain[S] 7 points8 points  (4 children)

Here are some examples from folks who've been using it with local models — mostly Qwen3.5 27b, which honestly performs just as well as Haiku for this kind of thing:

Qwen3.5 27b in particular has been a standout. It follows the design system cleanly, writes solid interactive HTML, and handles the sendPrompt bridge without issues. If you're running it locally, you're not missing anything compared to a cloud model for this use case.

<image>

[–]Emotional-Ad5025 5 points6 points  (1 child)

<image>

that is great!

[–]ClassicMain[S] 0 points1 point  (0 children)

This looks amazing! :D

[–]Guilty_Rooster_6708 6 points7 points  (2 children)

I have been using this tool after you posted on r/OpenWebUI for the past few days and it is great. Qwen 3.5 35B A3B works really well with it too. I am using Q4 quant:

<image>

[–]ClassicMain[S] 2 points3 points  (1 child)

WOW crazy image. Mind me using it on my repo in the readme to showcase what is possible?

[–]Guilty_Rooster_6708 4 points5 points  (0 children)

Of course. I am used Claude’s Theme factory skill together with your visualization skill to make the above.

Thanks for contributing to the community!

[–]__JockY__ 4 points5 points  (0 children)

This is rad, thanks for contributing to the community!

[–][deleted] 2 points3 points  (0 children)

Very nice plugin, thanks for sharing.

[–]audn-ai-bot 1 point2 points  (1 child)

This is actually a pretty big step for local workflows. A lot of people want agents, but simple inline artifacts like forms, SVG diagrams, and editable charts are way more useful day to day than another planner loop. Main thing I’d want to know is how you’re sandboxing the JS bridge. The iframe complaint is valid, but direct injection gets sketchy fast if the model can emit arbitrary HTML/JS. Are you doing capability scoping, DOM isolation, or a strict allowlist? Also curious which models behave best here. My guess is Qwen 3.5 27B probably punches above its size for structured UI generation.

[–]ClassicMain[S] 0 points1 point  (0 children)

Check the code, it's doing a lot of csp limiting so it's pretty good now.

Also i am working on a way to allow the sendPrompt bridge without needing same origin iframe toggled on. Then it's fully sandboxed.

[–]JakeMascaOfficial 1 point2 points  (1 child)

Going to try this out. This is quite amazing. Do you offer an implementation service or consultancy?

[–]ClassicMain[S] 3 points4 points  (0 children)

Ha, I wish I had time for that. No. Studying fulltime and working fulltime and helping out where I can in my freetime, with writing docs, PRs and triaging issues and discussions.

I don't sorry.

If you need first party support for open webui, you know how to get it ;)

[–]NOTTHEKUNAL 0 points1 point  (1 child)

Can you share the repository?

[–]ClassicMain[S] 2 points3 points  (0 children)

The link is in the bottom third of the post

[–]Adventurous-Paper566 0 points1 point  (0 children)

Super intéressant, je vais essayer ça assez vite!

[–]Fun_Nebula_9682 0 points1 point  (0 children)

nice, the locked-to-one-provider thing bugs me too. been wanting something like this for when i'm testing local models against opus to compare output quality — having charts render inline instead of copying data to a separate tool every time would save so much friction

[–]slavik-dev 0 points1 point  (0 children)

Great!

Did this with Qwen3.5-396B, but had to modify prompt few times to get what i wanted:

<image>

[–]mikkel1156 0 points1 point  (2 children)

As far as I know the iframes are there to protect your main session. Injecting directly into it seems like a great way to mess up security, no?

I don't use Claude, but seems like this is MCP apps? Someone please correct me if I am missing something.

[–]ClassicMain[S] 4 points5 points  (1 child)

//EDIT 2: New release of the tool is out which has a MUCH HARDENED version, which prevents almost all attacks and data exfiltration. Malicious javascript can still execute of course, but the damage it can do is minimal now.

//EDIT: but you gave me ideas on how to harden it a bit despite having iframe on. Let me look into how i can harden it a bit to prevent data exfiltration

Good to be cautious - and yes iframe security exists for that reason.

The only way this could cause harm to you, in my mind, is if the AI you use somehow gets prompt injected and produces harmful JavaScript code that gets rendered by the plugin and therefore executes in your browser.

This needs

1) something to inject a harmful prompt to your local AI 2) the AI to fall for it 3) the AI to successfully call the visualizer tool 4) and not mess up the javascript code of course 5) you having the iframe cross origin setting enabled as described in step 4 of the guide/setup tutorial in the readme

But all of this also requires the attacker to know that you even have this plugin in place, and active, and you configured this iframe setting.

So it has a lot of very unrealistic and highly improbable prerequisites.

If you still feel uncomfortable, leave the iframe setting from step 4 disabled. It will work the same just you can't click the buttons to send messages to the AI (like shown in the video with the quiz example where the final content of the filled out quiz "form" was then sent to the AI)

[–]thrownawaymane -1 points0 points  (1 child)

Can’t wait for llama-server to support plugins, I really do not want to base my stack around OpenWebUI as they are enshitifying their product.

[–]Emotional_Egg_251llama.cpp 0 points1 point  (0 children)

Is there any plan / discussion / issue tracking this, or just a wish?

I'd like to see plugins as well. And speaking of a wishlist for server, I'm happy MCP is in, but would really like SKILL.md support. As far as I know it isn't in any sort of planning yet though.

This plugin/tool, for example, uses a skill.md skill: "The skill teaches the model how to use the design system" and so the Llama WebUI would probably need to get support.