Steps to reproduce: 1. Open Keyboard Viewer from under a flag menu (enable it in International preferences if needed). 2. Open data:text/html,<input type=password> 3. Type something in the password input field. Observe that your typing isn't reflected in Keyboard Viewer. 4. Open data:text/html,<input> in the same tab. 5. Type something in the input, observe that typing is now reflected in Keyboard Viewer. 6. Click browser Back button. 7. Type something in the password input field. Results: typing is visible in the Keyboard Viewer, although it obviously shouldn't. This happens because we're setting up secure event mode in a respondToChangedSelection() when the password field is focused - but didCommitLoad is sent after a cached frame is fully restored, and we then reset it to "new page" state. It's not easy to say when didCommitLoad should really be sent for cached page loads, but I think that doing it after a complete restore is definitely wrong.