Here is a description of the steps that can be taken to prevent iframes from being uploaded directly from the browser.
A sample code is given at the end that can be embedded into the html.
Description:
Cross Site Scripting allows an attacker ...
How can I tell if a website is secure to browse?
Enter the site into the field at the bottom of this page and scan it prior to browsing http://www.explabs.com
If there are errors, there is likely a code exploit on the site that a hacker has exploite...
See this informative page of solutions to stop these annoyances.
http://faq.nucleuscms.org/item/45