How to prevent iframe from loading when injected into the DOM?

For example, this code creates an iframe with a src that begins a download.

f = B.Node.create('<iframe class="offscreen" role="presentation" tabindex="-1" id="' + d + '" src="' + Z + Y + '">');
F("body").appendChild(f);

Without any libraries, what are ways to prevent the iframe from loading or to stop the download?

Preventing the iframe injection is also acceptable.

Is it a good idea to modify the behavior of "appendChild()"?

I'm using Opera 11.50 Build 1074.

You cannot overwrite functions like appendChild, in all (if any) browsers. The only way to prevent iframes from being injected is to not include any JavaScript libraries that do arbitrary DOM injection.

If it's your own code you want to prevent from inserting iframes, simple add some HTML "sanitizing" functionality.

append empty iframe

document.body.appendChild(document.createElement('iframe').setAttribute('id', 'myiFrame'));

when you want to load the content:

document.getElementById('myiFrame').setAttribute('src', 'http://blah.com/blah.htm');

https://gist.github.com/1126767/

// ==UserScript==
// @name Enhance Yahoo! Mail
// @author XP1 (https://github.com/XP1/)
// @namespace https://gist.github.com/1126767/
// @version 1.0
// @description In Yahoo! Mail, opens the download iframe in a new window so that the attachment can be opened if the file type is associated with the Opera browser.
// @include http*://mail.yahoo.*/*
// @include http*://*.mail.yahoo.*/*
// @include http*://mail.yimg.*/*
// @include http*://*.mail.yimg.*/*
// @include http*://yahooapis.*/*
// @include http*://*.yahooapis.*/*
// ==/UserScript==

/*jslint browser: true, vars: true, white: true, maxerr: 50, indent: 4 */
(function (topWindow)
{
    "use strict";

    if (window.self === topWindow)
    {
        var disableDownloadIframe = function ()
        {
            topWindow.addEventListener("DOMNodeInserted", function (event)
            {
                var sourceElement = event.srcElement;
                if (sourceElement.tagName.toLowerCase() === "iframe" && sourceElement.hasAttribute("id") && sourceElement.getAttribute("id").indexOf("#dlFrame") !== -1)
                {
                    var downloadLink = sourceElement.getAttribute("src");
                    sourceElement.parentNode.removeChild(sourceElement);

                    window.open(downloadLink);
                }
            }, false);
        };

        disableDownloadIframe.call(this);
    }
}(window.top));