Game Requirements
Technical requirements and limits for HTML5 games on RetiPie.
Every game on RetiPie is a self-contained HTML5 application. This page covers the technical requirements, allowed file types, and size limits your game must meet.
Entry point
Your game must include an index.html file. This is the file RetiPie loads when a player opens your game. For ZIP uploads, index.html must be at the root of the archive (or inside a single root folder, which is automatically stripped).
Allowed file types
Only the following file types are accepted inside game uploads:
| Category | Types | Max size per file |
|---|---|---|
| HTML | text/html | 5 MB |
| CSS | text/css | 2 MB |
| JavaScript | application/javascript, text/javascript | 10 MB |
| JSON | application/json | 2 MB |
| Images | PNG, JPEG, GIF, WebP | 10 MB |
| SVG | image/svg+xml | 2 MB |
| Audio | MP3, OGG, WAV, WebM audio | 20 MB |
| Fonts | WOFF, WOFF2, TTF | 5 MB |
| WebAssembly | application/wasm | 50 MB |
Files with unrecognized content types are rejected. If your game needs a file type not listed here, bundle it as a supported format or reach out to support.
ZIP archive limits
If you upload a ZIP file:
- Maximum ZIP size: 500 MB
- Maximum files in archive: 1,000
- Maximum single file in archive: 200 MB
- Maximum path length: 240 characters
- Decompression ratio limit: 100x (zip bomb protection)
Content validation
Every upload goes through several validation steps:
Magic bytes verification
Binary files (images, audio, fonts, WASM) are verified by their magic bytes to ensure the file content matches the declared content type. Text-based files (HTML, CSS, JS, JSON, SVG) are checked to confirm they contain valid text and are not binary files with a spoofed extension.
Ad and tracking script scanning
All HTML and JavaScript files are scanned for known ad network domains and tracking scripts. If any are detected, the upload is rejected.
Third-party ad and tracking scripts are not allowed on RetiPie. This includes Google AdSense, Facebook Pixel, Google Analytics, Unity Ads, and many others. Read the full No Ads Policy for details.
File name sanitization
File names are sanitized to prevent path traversal attacks and ensure compatibility. Only alphanumeric characters, dashes, underscores, dots, and forward slashes are allowed. Path traversal sequences like ../ are stripped.
Runtime environment
Sandboxed iframe
Games run inside a sandboxed iframe. This isolates your game from the rest of the platform and from other games.
Content Security Policy
RetiPie enforces a strict Content Security Policy on all game responses:
script-src 'self' 'unsafe-inline'— only scripts from the game origin and inline scripts run. External script loading is blocked.connect-src 'self'— no outbound network requests to external servers.frame-src 'none'— no nested iframes.
This means your game cannot load resources from external CDNs, APIs, or servers at runtime. Bundle everything with your upload.
Bundle all assets with your game. External fonts from Google Fonts, scripts from CDNs, images from other servers — none of these will load at runtime. Include all assets in your ZIP or HTML file.
Thumbnail
Game thumbnails are optional but recommended. They appear in the game feed and on your game's page.
- Accepted formats: PNG, JPEG, WebP
- Maximum size: 2 MB