For the HTML your agent just built

Share HTML that just opens.

Drop a self-contained HTML artifact and get a clean, fast, sandboxed link. Fully rendered, fully interactive — no installs and no sign-ups for the people you share with.

Open the app How it works
  • No passwords
  • Sandboxed view domain
  • Ready in seconds
view.htmlshare.ca/aurora-deck

Drop an HTML artifact

or browse · up to 5 MB

Aurora — Q2 Strategy Deck.html

248 KB · Jun 13, 2026 · /aurora-deck

Copied

Why htmlshare

Built for one job, done properly

No editor, no collaboration, no bloat. Just frictionless hosting for the HTML you already have — with a security model you can explain in a sentence.

Links that never break

Each artifact gets a short, non-enumerable slug, decoupled from storage — so a URL you shared last month still resolves today.

Full fidelity, preserved

JavaScript runs, CDN styles load, charts animate. What your agent built is exactly what your recipient sees.

Sandboxed by design

Served from a separate view domain that holds no cookies and no API access. A locked-down boundary, not an afterthought.

Share or hand off

Copy a view link to show it inline, or a download link to send the raw HTML as a file. One artifact, two ways out.

Your private library

Every artifact you’ve ever shared, in one reactive list — preview, re-share, or retire it the moment it’s stale.

Fast from anywhere

Static HTML served close to your recipients for a sub-second first paint, on any device, any browser.

How it works

From file to shared link in three steps

  1. 1

    Upload

    Drop a self-contained HTML file. We check the type and size, store it, and mint a fresh, random slug.

  2. 2

    Copy the link

    A clean view-domain URL lands in your clipboard, ready to paste into an email, chat, or doc.

  3. 3

    They open it

    Recipients see a fully rendered, fully interactive page in any browser — no install, no account.

Security

A trust boundary you can explain in one line

Untrusted HTML is powerful, so it lives behind a wall. Shared content is served from a separate domain with no cookies, no API access, and a content policy that forbids every outbound call.

  • Auth cookies are scoped to the app host and never reach shared content.
  • Uploaded HTML can render and run, but cannot make any network request.
  • In-app previews run in a sandbox with same-origin privileges stripped.
  • The storage origin is never exposed — every request passes the hardened edge.

app domain

Auth · cookies · your library

view domain

Public · no cookies · CSP-locked

Content-Security-Policy: connect-src 'none'

The load-bearing line.

Your next artifact deserves a real link.

Sign in with a magic link and share your first HTML file in under a minute.

Open the app Sign in