Title: [Plugin: podPress] Feed does not validate Last modified: August 20, 2016 --- # [Plugin: podPress] Feed does not validate * Resolved [toptm](https://wordpress.org/support/users/toptm/) * (@toptm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/) * Hello again. * It seems my feed, [http://theonlypodcast.com/?feed=podcast](http://theonlypodcast.com/?feed=podcast), isn’t validating. Its says I’m getting two errors in line 1 along with two interopability errors. * Tim, please help. * [http://wordpress.org/extend/plugins/podpress/](http://wordpress.org/extend/plugins/podpress/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [ntm](https://wordpress.org/support/users/ntm/) * (@ntm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/#post-2288074) * Hi Andrew, * the error message suggests that the problem might come from the plugin `wp-content/ plugins/file-gallery/includes/main.php` and if you search with the first 50-100 characters of Javascript you can see in the source code of the feed (right at the beginning; before the error message) then the first result is [this forum post](http://wordpress.org/support/topic/is-this-a-hack-on-my-site). I’m not sure that it is really the same problem because the code in the other thread was erased by the forum admin. But in every case you try to deactivate that other plugin. Maybe search through the files of the plugins for this part of the code `String.prototype.test="harC";for(i in $='')if(i=='test')m=$[i];var` which gets inserted at into your RSS feed. Maybe it is part of a different plugin( I don’t know what file gallery is meant to do.) * Regards, Tim * Thread Starter [toptm](https://wordpress.org/support/users/toptm/) * (@toptm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/#post-2288143) * Tim, * Thanks for looking at the feed. The File Gallery plugin was something I installed a while back to help with attachments to my posts. A simple deactivation of it took away most of the errors, but the feed is still not valid. The error message now states * > line 1665, column 0: XML parsing error: :1666:1: junk after document > element * and when I scroll down to that line it reads ``. * Any thoughts? * Thanks again, Andrew * Plugin Author [ntm](https://wordpress.org/support/users/ntm/) * (@ntm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/#post-2288161) * The code which has been injected at the beginning of your RSS feed is now at the end of the source code of the feed. Deactivating the File Gallery has probably caused that change. But the that plugin does not seem to be the origin of this malicious code. * As in the other forum thread suggested it could be a problem which may have to do with the timthumb.php library. You should upgrade all your plugins and the theme (if there are updates available) and if the problem is the timthumb then maybe this [http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/](http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/) plugin may help to find the file. I’m not sure whether the code (which starts with `String.prototype.test="harC";for(i in $='')if(i=='test')m=$[i];var ss=""`) is in one of the .php or .js files of your blog or if gets loaded from an external source. But you should search through the files of your blog for this phrase.( There are programs like the test editor [Scite](http://en.wikipedia.org/wiki/SciTE) which are able to search through file of different types in different folders and sub folders with one query.) * In general it seems to be good idea to find where that code comes from. Maybe try to deactivate other plugins temporally too. even podPress and validate the feed again. You might want to use the default blog feed for this. This code makes all your RSS feeds invalid not only the one which podPress adds to the blog. ( Maybe start with podPress. I really like to know whether podPress is involved somehow.(Use [http://theonlypodcast.com/feed/](http://theonlypodcast.com/feed/) in the validator while pP is deactivated.)) You should also consider to switch to the default theme for a test. (Please change only one thing at a time and validate after every change.) * This [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) might contain also helpful ideas like changing the security keys in the wp_config. php. But search for bad plugin, or files and checking the theme are good things to start with. * Plugin Author [ntm](https://wordpress.org/support/users/ntm/) * (@ntm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/#post-2288163) * btw: This Javasscript code is not only in the RSS feeds. You can find it at the end of the source code of probably all the posts and pages of your blog. * Thread Starter [toptm](https://wordpress.org/support/users/toptm/) * (@toptm) * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-podpress-feed-does-not-validate/#post-2288164) * Tim, * That line of code came from a twitter plugin I have. I deactivated and removed that plugin and the feed still didn’t validate. The same error message came through( line 1665). * I installed and ran the timthumb scanner and it showed that my file were clean. * I went through and deactivated each plugin and ran the validator and nothing changed. Wit pP deactivated (using theonlypodcast.com/feed/) I get this message: * > This feed does not validate. * line 2007, column 0: XML parsing error: :2008:1: junk after document element [help] * In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendation. * line 1662, column 0: content:encoded should not contain iframe tag [help] *