How to protect a from XSS?

Most sites having a sign in form have the following html element:

<input type="password" />

If I press F12 to open the debugger on chrome and type:


this will retrieve the password.
A hacker could write a XSS in which the password is read and sent to his server
then log in my CMS.
In Bank of America’s website, the password’s input value is shown as “secret”, they have a solution to protect it. The real password is unaccessible, thus protected.

What are some solutions to this?