Consider below url entered by user:

http://www.xyz.com/index.php?id=0077...lert%28339%29+

1. How to prevent loading JS contents in iframe?
2. Is it possible to prevent url loading if it contains any javascript function?

What are ways to stop this type of cross-site scripting?

Regards,
Nilanjan