The string in question is:
<!-- '"` --><!-- </textarea></xmp> --></option></form>
The two last closing tags are stray (i.e. don't correspond to any opening tags). This makes the markup invalid, but browsers don't care. The string appears before every <form>
opening tag.
Is this done to prevent some attack, like while(1);
was used to prevent JSON hijacking?
Note: It seems this question was asked before in another now-removed question. I can't see the question and I don't know why it was removed.