To prevent a malicious user from hijacking HTML static contents in a Web page, the framework applies a server-side validation technique.