Thursday, February 23, 2023

Adding Trusted Types to Google Workspace

Update

[August 2, 2023] This feature has fully rolled out Calendar, Docs, Sheets, Slides, Forms, Sites, Jamboard, Drawings and Drive.


[April 26, 2023] We have paused rollout for this feature for Docs, Sheets, Slides, Forms, Sites, Jamboard, Drawings and Drive while we evaluate performance and quality. We will provide an update once rollout resumes.



What’s changing

We’re improving the client-side security of Google Docs, Sheets, Slides, Forms, Sites, Jamboard, Drawings, Drive, and Calendar with Trusted Types. This will provide an extra layer of protection around Document Object Model (DOM) APIs that are used by the apps listed above or third-party extensions. 

This new enforcement mode will require third-party extensions to use typed objects instead of strings when assigning values to DOM APIs, and will begin rolling out on March 23, 2023. Once Trusted Types are fully enforced, the Trusted Types directive will be present in the Content Security Policy (CSP) header: 

Who’s impacted

Developers (relying on any Chrome extensions that modify DOM APIs.) 


Why it’s important

Trusted Types is a feature that further enhances our advanced data protection controls to keep users and data safe across more of the apps they use everyday. 


Additional details 

Screen readers, braille devices, and screen magnification will not change with Trusted Types. However, we recommend admins and developers check third party extensions for Trusted Types violations. Visit the Help Center to learn more about Accessibility for Google Docs, Sheets, Slides, & Drawings


Getting started 

  • Admins: There is no admin control for this feature. 
  • Developers: 
    • To make code Trusted Types compliant, signal to the browser that data being used within the context of these DOM APIs is trustworthy by creating a Trusted Type special object. 
    • There are several ways to be Trusted Types compliant, such as removing the offending code, using a library, or creating a Trusted Types policy. To ensure a seamless experience for users, these techniques can be employed before Trusted Types enforcement is rolled out. 
    • Visit the Chrome DevTools engineering blog to learn more about implementing CSP and Trusted Types debugging in Chrome DevTools
  • End users: There is no end user setting for this feature. 

Rollout pace 

Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 
  • Available to users with personal Google Accounts 

Resources