I actually want advertisers to enter their website's URL and the users have to stay, say 10 seconds, on the advertiser's website, to be able to view an article on my website.
So there will be a kind of countdown on the top horizontal bar, just above the iframe with the external site.
Is there a way to solve this issue in a secure manner?
I will have to moderate the advertiser's website. Can I use a tool to detect malicious scripts on a third party web page?
But this won't harm your server, so it is purely about the experience on your site by the person visiting it.
How you can prevent this? By checking and making sure that everything works properly on the site that you load.
This is no different than crosslinking a picture from web someplace and the owner of the website changing the picture to say F#%K Y$U.
But whatever you do, don't do it on 'sensitive' pages on your site. If you have login form, don't put login form on the same site where you load those iFrames. Since that frame can place a listener and then start capturing whatever the user enters. If you need to place login too, then have that on a separate page URL and on that URL don't load these ads.
To sum things up though, to make such an attack work requires a lot of effort for very little real damage. But that's the risk you take by allowing outside sources to your site. If you let a stranger in your house, don't be surprised if it is more difficult to protect yourself.