Protect iframe. One domain for the iframe?

I have a iframe. This iframe open a domain. But how can i protect this iframe. When i go to this iframe i get this url: http://.........nl/rganisatie/werken_bij/vacatures?u=http%3A//vacatures.wrij.nl/

But no can change people the domain name of the iframe. When you change vacatures.wrij.nl/ 开发者_Go百科to a other website. The iframe open a other domain / website. I would protect this.

How can i make with javascript. That the iframe open only one domain?

Thanks!

You must validate the URL server-side.

Notice, that your site is prone to many attacks, including JS injection!!! (I found it on google using information you provided in your question...)

Generally:

• IFrames are evil, avoid them. Use AJAX instead.
• Never trust user-provided data!