How safe are HTML5 games?

Post reply
0 favourites
  • 11 posts
From the Asset Store
Jumpy Hedgehog C3 HTML5 Casual Game
$8 USD
Jump on the mole rats and see how far you can go!
01smile's avatar
01smile

  • I came across a thread discussing running executable files from within a game and I wondering if it's even safe to let children play HTML5 games online?

    https://www.construct.net/en/forum/construct-3/general-discussion-7/run-external-executable-file-183805

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads

  • If you're playing online from a browser, there would presumably be no malicious executable on the local device for the app to execute in the first place. My concern was for an NW.js app that is downloaded to be run locally, which could potentially be bundled with additional executable files.

    On the other hand, you're already downloading an executable in the form of the NW.js app and running it anyways, so it's not really a big difference in the end.

    There are better things to worry about regarding children online.

  • Also a malicious exe would often be more dangerous when it has admin privileges (I.e a window will appear asking for the admin password for the computer before it runs). Of course there's occasional exploits found that could be malicious even without admin password, but as long as Windows is kept up-to-date, you're often safe.

    A child shouldn't be admin on a computer as a child could do some wild stuff like delete system files themselves and such.

  • Neither of you are being very convincing HTML5 games are safe. I'm trying to understand this. So you can't trick a child into downloading an executable file from within a game, maybe telling them it's an add-on that allows for more features, and then have a button that executes that downloaded file as described in the linked thread?

    ...but as long as Windows is kept up-to-date, you're often safe.

    A child shouldn't be admin on a computer...

    There are better things to worry about regarding children online.

    You're both making a lot of assumptions about how responsible parents are or what a child should or shouldn't have access to on personal computers and what parents should be worried about online. We can debate all of that, but I'm not really interested in those opinions. I'm just curious to know if HTML5 games are safe.

  • If you're downloading something and running it, it's potentially harmful, however unlikely. This is true for any game (or program attachment, ect.), of any type.

    If you're running a game in a browser off a website, you're pretty safe as long as you have the common sense not to download and run things you don't trust to be safe.

  • Maybe there's confusion about the thread linked:, that thread is about nwjs, which is an EXE version of a html5 games, usually would find these to be distributed via steam - steam having a paid entry fee and someone who attempted to upload a malicious game would lose money and be banned for ever attempting that, never once heard of it happening, so that's the reassuring case for an EXE downloadable html5 game.

    If someone, even an adult, downloads an exe from a friend or unusual website, and they aren't familiar with computers, always used admin account, AND it happened to be an extremely new malicious method that Microsoft haven't seen before (Where Microsoft have dedicated team who are extremely vigilent about updating Windows defender regularly), then yeah they may have their computer compromised.

    A html5 game in the Web browser, like oosyrag mentions, is safe, a lot safer than an exe file, Web browsers have many manny protections in place, many restrictions (cannot run exe from html5 Web browser game).

  • Ok, good to know. Thank you both for taking the time to explain that to me.

  • Just to clarify - browser games are completely safe and absolutely cannot do something like run an executable on your computer. Browsers are essentially a strong kind of security "sandbox" and have permission prompts to access anything potentially sensitive like your camera or microphone, and if you don't trust the website you can just deny permission and that's that.

    If you run an executable, that is something much more risky, as it could be some kind of malware, and downloaded desktop apps have far broader permissions by default - such as being able to read and write files, run other programs, access your camera and microphone without asking for permission, and so on.

    A possible source of confusion is Construct can export your project as a desktop app, using options like NW.js. This then does potentially have all the risks of desktop apps noted above, since those are all risks with any desktop software. However if you are only loading a HTML5 game in a browser, then it's basically completely safe and cannot harm your computer in any way.

  • Thank you for that information. Executable files are not a problem in browser games.

    What about an iframe in a HTML5 game from a malicious website? You might be interacting with a malicious website and not know it. I've been told you can get malware just by visiting a malicious website. Is that not the case anymore?

    I'm not trying to be argumentative. I'm just want to know more. I've been disconnected for a long time and I'm trying to catch up.

  • HTML5 games running in the browser are essentially websites, built using the same technologies like HTML, JavaScript, and CSS. So they follow the same security rules as any other website, including the use of iframe.

    If you're concerned about kids browsing online, there are plenty of great resources on internet safety you can find both online and at your local library.

  • Generally browsers are designed so it's impossible for merely visiting a website to harm your computer in any way. This is definitely not true of running a desktop app, so in this sense browsing the web is fundamentally more secure than running apps locally.

    For an iframe in a game to show a malicious website, the game would probably have to have chosen to do that, which means the game itself is a malicious website. However merely loading or showing it cannot generally harm your computer in any way. If you start interacting with the page it may then try to harm your computer - probably by getting you to download a desktop app, because those are more useful for malicious purposes and it's difficult to do any lasting harm from a website, as browser security is generally very tough and hard to bypass.

    A malicious website might try to do something like trick you in to entering your personal details, or pretend to be your bank and try to steal your login details. This isn't anything to do with Construct or HTML5 games though - these are just general risks of browsing the web, and these risks can be mitigated by some general rules of thumb, like don't download desktop apps unless you know for certain they are trustworthy, check the address bar is the website you're expecting, etc. But the bottom line is: websites are pretty much the safest way to run software - they're generally safer than mobile apps, and certainly safer than desktop apps. No other platform has such strict protections for privacy and security.

Post reply
  • 11 posts
Return to board index
Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)