Script Tag in RSS Feed

Question

I have created a RSS feed for an Umbraco blog. As per below, a function enclosed in script tags appears in the generated XML which means that it fails RSS validation with the error 'Undefined rss element: script' (as per https://validator.w3.org/feed/). I have no idea why this script tag appears. The RSS XML definition (further below) does not contain it and I can find no reference to the function or its contents in the code base.

Is anyone able to shed any light on why this script tag and its contents appear? I need to remove it in order to pass RSS validation. Thank you.

I'm currently only testing this on localhost.

<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" version="2.0">
<script>
(function(){EventTarget.prototype.ol_originalAddEventListener=EventTarget.prototype.addEventListener,EventTarget.prototype.addEventListener=function(t,e){var n=this,r=arguments.length>2&&void 0!==arguments[2]&&arguments[2];this.ol_originalAddEventListener(t,e,r),"click"===t&&setTimeout(function(){!window.OL_NOT_LOGIN_PAGE&&n.setAttribute&&n.setAttribute("data-ol-has-click-handler","")},0)}})("")
</script>
<channel>
<title>Script Tag in RSS XML...</title> etc

<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:wfw="http://wellformedweb.org/CommentAPI/"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
     xmlns:slash="http://purl.org/rss/1.0/modules/slash/">

    <channel>
        <title>@FEED_TITLE</title>
        <atom:link href="@feedUrl" rel="self" type="application/rss+xml" />
        <link>@feedParentPage.UrlWithDomain()</link>
        <description>@FEED_DESCRIPTION</description>
        <lastBuildDate>@lastBuildDate.ToString("r")</lastBuildDate>
        <language>@LANGUAGE</language>
        <sy:updatePeriod>@UPDATE_PERIOD</sy:updatePeriod>
        <sy:updateFrequency>@UPDATE_FREQUENCY</sy:updateFrequency>
        @foreach (IPublishedContent item in feedItems.OrderBy(ARTICLE_DATE_PROPERTY_ALIAS + " desc"))
        {
            string articleDescription = item.GetPropertyValue<string>(INTRODUCTION_PROPERTY_ALIAS);
            @:<item>
                <title>@(item.HasProperty(ARTICLE_TITLE_PROPERTY_ALIAS) ? item.GetPropertyValue<string>(ARTICLE_TITLE_PROPERTY_ALIAS) : item.Name)</title>
                @:<link>
                @umbraco.library.NiceUrlWithDomain(item.Id)
                @:</link>
                <pubDate>@(((DateTime)item.GetPropertyValue(ARTICLE_DATE_PROPERTY_ALIAS)).ToString("r"))</pubDate>
                <dc:creator><![CDATA[@CREATOR_NAME]]></dc:creator>
                <category><![CDATA[@CATEGORY]]></category>
                <guid isPermaLink="false">@item.UrlWithDomain()</guid>
                <description><![CDATA[@articleDescription]]></description>
            @:</item>
        }
    </channel>
</rss>

Please specify the list of clients you have used to view the generated XML, to rule out client behavior. In this case, I believe the problem is caused by client behavior. — AndrewF, Jan 08 '20 at 00:16

score 4 · Accepted Answer · answered Jan 08 '20 at 00:02

4

This script is injected by the OneLogin browser extension. I suggest that you disable it for that domain or remove it completely, and use a different (better) password manager like 1Password or LastPass.

answered Jan 08 '20 at 00:02

AndrewF

1,827
13
25

Good spot. Unfortunately, the OneLogin extension is used company-wide and installed by default on all browsers, so it can't be removed. On the other hand, I no longer work for that company. But thank you for answering. – DefChip Feb 13 '20 at 11:24

Lisa V · Answer 2 · 2019-10-04T18:32:21.727

(So, I don't really have an answer, but I don't have enough reputation to just comment.)

Just a few minutes ago I saw a similarly weird script tag in an error message on an AWS s3 page I had just deployed (static js/css/html page).

The page displays what looks like a standard AWS error page, but in the XML there is a script tag with the same contents you display. I found your post because I was searching for 'ol_originalAddEventListener'

In my case of the error, the specified key is the exact same url I was able to to use when I redeployed the same code to the usual spot.

Not an answer, but maybe more helpful evidence?

`ol` stands for OneLogin. This is caused by the OneLogin browser extension. — AndrewF, Jan 08 '20 at 00:03

score 1 · Answer 3 · answered Oct 07 '19 at 11:26

It turns out there's a known issue with Chrome rendering RSS XML correctly.

(related link: Google Chrome rendering XML as text for RSS feed)

I haven't yet found a full explanation of why that particular JS appears in the script tag in Chrome but generating the RSS feed locally in Edge, Firefox and IE11 produces correctly-formatted XML without the problematic script tag. The RSS XML rendered in these browsers passes RSS validation, which solves my issue.

For info, the correctly-rendered RSS XML can be viewed in Chrome using view-source:.

Thought I'd answer my own question in case anyone else lands here.

+1 I've been pulling my hair out - would've never thought chrome would add a script tag like this to xml documents. (it applies to more than just rss!) — caesay, Nov 06 '19 at 11:35

Script Tag in RSS Feed

3 Answers3