Skip to main content

excaliburjs logoSandboxing

For security reasons, games running on xelly.games are sandboxed ¹.

This means that your game code is limited in what it can do with browser resources.

Most importantly, this includes it not being able to make network calls (use fetch, form POST, etc).

It also means it can't:

  • Access cookies or local storage from the parent domain
  • Access the parent window or its DOM
  • Create new windows or popups
  • Use browser features that require permissions (geolocation, notifications, etc.)
  • Manipulate the URL fragment or history
warning

Because you can't make network calls from your code, your entire game must be deployed as a single build file, and any resources such as graphics, sprites, spritesheets, fonts, etc. must be bundled into the built output file (bundle.js).

See Game Resources for how to use custom sprites and fonts and compile them into your games.

¹ Specifically, via <iframe allow-scripts/>.