Can I prevent user pasting Javascript into Design Mode IFrame

javascript

It is generally not possible to prevent users from pasting JavaScript into an iframe that is in design mode. Design mode allows users to edit the content of an iframe as if it were a simple text editor, and it is intended to be a flexible and powerful way to edit web content.

However, you can use the contentEditable attribute to control whether the content of an iframe is editable or not. If you set the contentEditable attribute to false, users will not be able to modify the content of the iframe using the mouse or keyboard.

Here is an example of how you can use the contentEditable attribute to make the content of an iframe non-editable:

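const iframe = document.getElementById('my-iframe');
// set it on the content inside the frame's document (same-origin only), not on the <iframe> element itself
iframe.contentDocument.body.contentEditable = 'false';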

Keep in mind that setting the contentEditable attribute to false will also prevent users from copying and pasting content into the iframe, as well as from using the mouse or keyboard to edit the content in any way.

If you want to allow users to edit the content of the iframe but prevent them from pasting JavaScript into it, you will need to find a way to filter out JavaScript from the pasted content. One way to do this is to use the beforeinput event to intercept and modify the pasted content before it is inserted into the iframe.

Here is an example of how you can use the beforeinput event to remove JavaScript from pasted content:

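const iframe = document.getElementById('my-iframe');
// beforeinput fires inside the frame's own document (same-origin only), not on the <iframe> element
const frameDoc = iframe.contentDocument;
frameDoc.addEventListener('beforeinput', event => {
  // only handle pastes; typing and other edits proceed normally
  if (event.inputType !== 'insertFromPaste') return;

  // get the pasted content (for rich-text pastes it is in dataTransfer; event.data is null)
  const pastedContent = event.dataTransfer ? event.dataTransfer.getData('text/html') : '';
  if (!pastedContent) return;

  // remove <script> elements from the pasted content ([\s\S] also matches line breaks)
  const filteredContent = pastedContent.replace(/<script[^>]*>[\s\S]*?<\/script\s*>/gi, '');

  // prevent the default behavior (inserting the pasted content)
  event.preventDefault();

  // insert the filtered content into the iframe's document
  frameDoc.execCommand('insertHTML', false, filteredContent);
});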

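This allows users to keep editing the content of the iframe while <script> elements are stripped from pasted content before it is inserted. The pattern matches <script> elements only; script carried in other markup, such as event-handler attributes or javascript: URLs, is not removed by it.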
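
An added example, not part of the original answer: a beforeinput handler that inserts only the plain-text flavour of a paste or drop (drop goes beyond the paste case discussed above), shown next to the script-tag filter applied to constructed samples. The function names, the sample strings and the assumption that my-iframe is a same-origin frame are this example's own.

```javascript
// Added example, not from the original page. 'my-iframe' is the page's id;
// all function names and the sample strings are constructed for this example.

// The page's filter with line breaks handled: removes <script> elements only.
function stripScriptTags(html) {
  return html.replace(/<script[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Constructed samples: what the regex filter leaves behind.
function filterSamples() {
  return [
    '<p>hi</p><script>alert(1)</script>',
    '<img src="x" onerror="alert(1)">',
    '<a href="javascript:alert(1)">link</a>',
  ].map(stripScriptTags);
}

const PASTE_TYPES = new Set(['insertFromPaste', 'insertFromDrop']);

// beforeinput handler: cancel the rich paste/drop and insert only the
// clipboard's text/plain flavour, so no markup reaches the document.
function pasteAsPlainText(event, doc) {
  if (!PASTE_TYPES.has(event.inputType)) return false; // typing etc. untouched
  event.preventDefault();
  const text = event.dataTransfer
    ? event.dataTransfer.getData('text/plain')
    : (event.data || '');
  if (text) doc.execCommand('insertText', false, text);
  return true;
}

// Attach inside the frame's own document (same-origin frames only).
function protectFrame(iframe) {
  const doc = iframe.contentDocument;
  doc.addEventListener('beforeinput', (e) => pasteAsPlainText(e, doc));
  return doc;
}

// Browser-only wiring; skipped when run outside a page.
if (typeof document !== 'undefined') {
  const frame = document.getElementById('my-iframe');
  if (frame) protectFrame(frame);
}
```

Because the text is inserted with insertText, any tags in the clipboard's plain-text flavour end up as literal characters rather than markup.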