Password field outputs in plain text using console.log()

Question

I discovered something interesting today while messing around with the password fields in Google Chrome.

Interestingly, outputting the value of an input of type 'password' to console using console.log(password); totally negates the idea of obscuring the password fields by printing the password in plain text in the console.

var password = $('#password').val();
console.log(password);

<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<input class="form-control text-box single-line input-validation-valid" id="password" name="password" type="password" value="test">

Would this cause any security issues at all?

Answer 1

The value of all textual input controls is the text that was typed in it, irrelevant if it is a password input or not. The only difference that type="password" makes is that it obscures the text in the web view.

You can even call up the Dev Tools to inspect a password textbox, change type="password" to type="text" and BAM you suddenly see the plain text that you typed.