XSS worm on my InfinityFree site?

The problem doesn’t seem to be related to InfinityFree. I was spooked by that obfuscated code and genuinely did not realize it was a legitimate browser validating thing, so that’s why I brought it here. But I was able to reproduce the problem on another web server so I’ve confirmed it’s not InfinityFree related. Just thought you guys would want to know. I still haven’t solved the problem yet. What happens is that all of the iframe’s onload events are fired for the entire page. But the content does not load for any of the several youtube iframes. But it does load for the gofundme iframes. So now I need a way to test whether the content has loaded or not so that JavaScript can reload the iframe content for all of the youtube iframes. I haven’t figured out how to do that yet since the onload event is fired whether the content loads or not. There aren’t any race conditions so that’s not it. But it could be a badly behaving chrome extension.