Assigning to Vaclav as per issue:  337429 

These may be stupid questions to ask, but since I am not sure what your experience is I figured I would ask anyway just in case it was helpful.

1. Is the iframe you are trying to access on the same domain/origin -- otherwise you wouldn't be able to access its internals due to cross-site scripting, correct?

2. Are you making sure that you are accessing the 'iframe.contentDocument' and not the page 'document'? I am pretty sure you can't access elements of an iframe in a page just using document. You first need to let it know you are interested in the iframe's document object. (Please feel free to correct me if I am wrong)

Just putting that out there in case it is helpful. Sorry if I am spreading any incorrect information or not understanding the question properly.

Thanks for the report.

Ad #3 -- see the step 7. from the description. That would not work in the presence of the issues you mentioned.

I'll have a look and update this bug with my findings.

I could reproduce the observations following the steps 1-7 exactly (on GNU/Linux and Chrome version 55).

@stepan.roh -- could you please confirm that if you change step 5 to just:
5'. Click anywhere in the frame.
then you can still the password value in step 7?

That's what I observe, and that's working as intended. The value is not made visible to JavaScript until the user interacts with the page in some way. It is a protection against a special type of password harvesting.

I'll close this as WontFix by now. If you get back to me that step 5' above does not work for you, I'll reopen and investigate.

Cheers,
Vaclav

Ad #5: I wanted to confirm, but for a reason which I don't understand it started to work for multiple people in our company. There was no Chrome version change, nothing. I'll write back if it happens again. Thank you for your time.

Thank you for the update. And yes please, do let us know if the issue appears again.
Cheers,
Vaclav

I'm now experiencing this issue with a website that I'm involved in developing. The existing version of the site works fine, but an update that's in development is exhibiting this problem.

The login page is in an iframe in both versions. If we visit the login page directly (i.e. not in an iframe) then the password field works as expected, i.e. no value available via JS until the page is interacted with.

When the login page is used as part of an iframe, the old version of the site shows a value in the password field immediately (i.e. before interaction with the login page), while the new version operates as in steps 1-7 above. Clicking in the frame does not cause the password to be available in step 7.

The login pages are essentially identical in both versions, and the page structure has changed on the outer page, but the iframes themselves are not dissimilar in a way that would seem to cause this issue.

Thanks for the comment. It would be helpful, if you could share an example of HTML sites which to put in the main frame and in the iframe in order to reproduce the issue. Are the origins of the mainframe and the iframe the same? Did that change recently?

Thanks for replying. I'm unfortunately not in a position to share the site that I'm experiencing the issue with, and I haven't noticed this happening with any others. The origins of the main frame and the iframe haven't changed, no. In fact, we've decided to just rework our login form so that it doesn't use an iframe, and this has solved the problem.

Sorry, I wish I could help more, in case anyone else experiences this! Thanks for your help, anyway.

Thanks for your answer. I understand that you could not share the failing instance, and I'm glad you were able to work around the issue. If you find a shareable failure in the future, please let us know, so that we can try to reproduce and fix the issue.

Having the same issue when we have the login form in a Fancy Box.
Its exactly the Same Step given above.

Here is the screenshot of it.

Deleted: screenshot.jpg 104 KB

	screenshot.jpg 104 KB View Download