@ThanhTo - If you look at the test that you have shared, the last record is
type id=txt-password ThisIsNotAPassword
My problem is that if the recorder knows, while parsing the dom, that the input type is password in this case, why is it showing me the password that was entered for this test, which is “ThisIsNotAPassword”. The recorder should be smart enough to not expose passwords like this as Katolan recorder may be used by a naive client/customer of ours to automate their test cases.
For the scenario to test login with a wrong password, its fine since the password captured is anyways wrong, but for the successful login scenario, the recorder should be able to store two values - one that is the actual password, one a masked value of the password like base64 encoded or encrypted etc.