I have not seen a code injection before, but I got this comment. So I wonder if this is what a code injection attempt looks like. I have kind of put the line breaks in the wrong places.
window.fbAsyncInit = function() {FB.init({ appId : '443559335669354',
// App ID status : true,
// check login status cookie : true,
// enable cookies to allow the server to access the session xfbml : true
// parse XFBML });
// Additional initialization code here };
// Load the SDK Asynchronously (function(d){ var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0]; if (d.getElementById(id)) {return;} js = d.createElement('script'); js.id = id; js.async = true; js.src = "//connect.facebook.net/en_US/all.js"; ref.parentNode.insertBefore(js, ref); }(document))