Summary: The input-security property allows password fields to be
unmasked. This allows pages to make "reveal password" buttons etc.
Platform coverage: All
DevTools bug: N/A
* WebKit and Blink allow to do this via prefixed -webkit-text-security.
* WebKit has implemented the standard property already:
web-platform-tests: They exist, and they pass with my patch.
Let me know if there's any concern with this property. We have unmasking
capabilities for autofilled passwords already, this basically gives the
page authors the tool to do the same.
I could see this perhaps being used maliciously, though then again, a
page can also switch input.type to "text" to reveal the password using