By using XML based language it's possible to spoof browser interface.
vulners.com/securityvulns/securityvulns:doc:6557